
Classification Model with High Deviation for Intrusion Detection on System Call Traces

Abstract: A new classification model for host intrusion detection based on the unidentified short sequences and RIPPER algorithm is proposed. The concepts of different short sequences on the system call traces are strictly defined on the basis of in-depth analysis of completeness and correctness of pattern databases. Labels of short sequences are predicted by the learned RIPPER rule set, and the nature of the unidentified short sequences is confirmed by a statistical method. Experimental results indicate that the classification model clearly increases the deviation between the attack and the normal traces and improves detection capability against known and unknown attacks.

Source: Journal of Beijing Institute of Technology (北京理工大学学报(英文版)), indexed in EI and CAS, 2005, Issue 3, pp. 260-263 (4 pages)

Keywords: network security; intrusion detection; system calls; unidentified sequences; classification model