摘要
针对异常检测中的数据源选择、行为描述、正常行为学习和行为匹配,提出了一种新的基于安全模块的数据源。为验证其有效性,采用基于信息理论的数据分析和马尔可夫模型两种方法,并与目前较多采用的系统调用数据源作了对比。实验结果表明,新数据源有效,且在一定条件下,比系统调用数据更具优势。
The research of anomaly detection now focuses on four aspects: selection of data source, specification of behavior, normal behavior learning, behavior matching. For the first aspect, a new data source, which is based on linux security modules, is presented in paper. In order to test its effect, we employ two kinds of method: information-theoretic measures and Markov chains model, and we also compare the result with data of system call. The conclusion of experiment indicates that this data source is useful and even better than data of system call under certain condition.
出处
《电子科技大学学报》
EI
CAS
CSCD
北大核心
2004年第4期403-406,共4页
Journal of University of Electronic Science and Technology of China
基金
国家863计划资助项目(2002AA141090)
关键词
异常检测
行为控制
安全模块
系统调用
anomaly detection
behavior control
linux security modules
system call