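Abstract
Inspired by biological immune mechanisms and aimed at abnormal user behavior on network-attached storage devices, this paper proposes a hierarchical immune strategy composed of user authentication, file permissions and user stairs. The sequences of system calls requested by user actions are monitored for anomalies, and an anomaly detection algorithm based on system call pairs and user rank information is implemented. Stepped-matrix storage of the feature elements and an efficient matching method ensure that the immune strategy is applied quickly. Experiments show that the strategy effectively blocks intrusions by illegitimate users and privilege-exceeding access by legitimate users, and that its response is fast enough to fully meet the needs of online detection.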
Inspired by the biological immunity mechanism, a multilevel immune strategy, composed of user authentication, access authority of file system and user stair, is presented to identify abnormal behaviors in network-attached storage devices. Anomalies are monitored by tracking the system calls required by users' operations. An anomaly detection algorithm, which is based on system call pairs and user rank, is established and implemented. The eigenvalues are stored in a novel matrix and an efficient matching method is utilized, which ensures that the immune strategy can be carried out rapidly. Experimental results show that this strategy can abort anomalies efficiently, including intrusions of unauthorized users and inadmissible accesses of authorized users. Furthermore, the response speed is fast enough for on-line monitoring.
Source
Application Research of Computers (《计算机应用研究》)
CSCD
PKU Core Journal (北大核心)
2005, No. 1, pp. 111-113, 116 (4 pages)
Funding
Supported by the National Key Basic Research ("973") Program of China (G19990330)
Keywords
Network-Attached Storage Device (NASD)
Intrusion Detection System (IDS)
System Call
Linux