Abstract
A new state-transition detection method is presented whose audit data are sequences of system calls. It analyzes the historical system call sequence together with the current system call, extracts direct and indirect transitions (states transition on the condition of a direct or an indirect relation), and uses a multivariate statistical method to attach parameters to the transitions, which are accumulated as the degree of abnormity. Tests show that the model has a high detection rate and is practical to operate, and that it detects unknown types of intrusion more effectively than the original method.
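As an added illustration that is not the paper's own code or data: a minimal form of the model the abstract describes, in which direct (lag 1) and indirect (lag 2 and 3) transitions are learned from constructed normal system call traces and a trace's anomaly degree is accumulated over transitions never seen in training. The 1/lag weight stands in for the paper's multivariate statistical parameters and is an assumption, as are the trace contents and the threshold.

```python
from collections import Counter

WINDOW = 3  # history length: lag 1 = direct transition, lags 2..WINDOW = indirect transitions


def extract_transitions(trace, window=WINDOW):
    """Yield (lag, earlier_call, current_call) for every direct and indirect transition."""
    for i, call in enumerate(trace):
        for lag in range(1, window + 1):
            if i - lag >= 0:
                yield (lag, trace[i - lag], call)


def train(normal_traces, window=WINDOW):
    """Profile of normal behaviour: how often each transition occurred in training traces."""
    profile = Counter()
    for trace in normal_traces:
        profile.update(extract_transitions(trace, window))
    return profile


def anomaly_degree(profile, trace, window=WINDOW):
    """Accumulate the anomaly degree of a trace and list the transitions that raised it.

    A transition never seen in training adds 1/lag, so a direct transition weighs more
    than an indirect one (assumed weighting; the paper derives parameters statistically).
    """
    degree, unseen = 0.0, []
    for lag, prev, call in extract_transitions(trace, window):
        if profile[(lag, prev, call)] == 0:
            degree += 1.0 / lag
            unseen.append((lag, prev, call))
    return degree, unseen


def is_intrusion(profile, trace, threshold=1.0, window=WINDOW):
    """Flag a trace whose accumulated anomaly degree reaches the threshold (assumed value)."""
    return anomaly_degree(profile, trace, window)[0] >= threshold


# Constructed traces of a well-behaved file-reading process (not taken from the paper).
NORMAL_TRACES = [
    ["open", "read", "read", "close"],
    ["open", "read", "write", "close"],
    ["open", "fstat", "read", "close"],
]
PROFILE = train(NORMAL_TRACES)

if __name__ == "__main__":
    for trace in (["open", "read", "read", "close"], ["open", "read", "execve", "close"]):
        degree, unseen = anomaly_degree(PROFILE, trace)
        print(trace, "degree=%.1f" % degree, "unseen=%s" % unseen, "intrusion=%s" % is_intrusion(PROFILE, trace))
```

The second trace is flagged because "read" followed directly by "execve" and "open" followed two calls later by "execve" never occur in the normal profile, while the seen indirect transitions into "close" add nothing.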
Source
Journal of Tianjin University of Technology (天津理工大学学报), 2006, No. 1, pp. 9-12 (4 pages)
Funding
National "863" Program grant (2002AA142010)
Keywords
intrusion detection
system call
state transition
multivariate statistical analysis