Abstract
Memory data changes after an attack occurs, and the benchmark measurement used by traditional integrity measurement systems suffers from a low detection rate and a lack of flexibility. To address these problems, a memory combined feature classification method based on multiple Back Propagation (BP) neural networks was proposed. First, feature values were extracted from the memory data by the Measuring Object Extraction Algorithm (MOEA). Then, separate BP neural networks were used to train the models. Finally, one further BP neural network aggregated the resulting data and produced a security status score for the operating system. Experimental results show that, compared with the traditional integrity measurement method using benchmark measurement, the proposed method has much higher detection accuracy and universality. Its detection accuracy is 98.25%, higher than those of the Convolutional Neural Network (CNN), the K-Nearest Neighbor (KNN) algorithm and a single BP neural network, showing that it can detect attack behaviors more accurately. Its model training time is about 1/3 that of a traditional single BP neural network, and its model training speed is also somewhat improved compared with similar models.
Authors
DUAN Jialiang; CAI Guoming; XU Kaiyong (Network Space Security Teaching and Research Room, Information Engineering University, Zhengzhou, Henan 450001, China)
Source
Journal of Computer Applications
CSCD
PKU Core (Peking University Core Journals)
2022, Issue 1, pp. 178-182 (5 pages)
Keywords
memory feature
Back Propagation (BP) neural network
integrity measurement
combined feature
kernel security