Abstract
A host-based intrusion detection experimental system was built for the widely used Windows platform. Based on an in-depth analysis of the security characteristics of Windows hosts, 18 intrusion detection features are proposed, drawn from the security log, system log, performance log, file integrity checks, the registry and other sources of information; an intrusion detector is then built with support vector machines, achieving detection of a variety of attacks. Experimental results show that the selected features are reasonable and the detection method is effective.
An intrusion detection experimental system for the widely used Windows platform is put forward. On the basis of a thorough analysis of Windows' security properties, 18 variables are suggested to be extracted as intrusion features from Windows' security log, system log, performance log, file integrity checks, changes of registry keys, etc., and then support vector machines are used as the intrusion detector to find out all sorts of intrusions. The experimental results demonstrate that the extracted features are reasonably selected and the detection method is effective.
Source
Computer Engineering (《计算机工程》)
EI
CAS
CSCD
Peking University Core Journals
2006, No. 10, pp. 132-134 (3 pages)
Funding
National Key Basic Research and Development Program of China (2002CB312200)
Doctoral Program Foundation of Higher Education, Ministry of Education of China (20040251010)
Guangxi Natural Science Foundation (桂科基0575094)