Design and Implementation of Artificial Immune System Based on the Theory of Rough Set
Abstract: Based on an in-depth analysis of the immune system, this article proposes an efficient, low-overhead anomaly detection method for system call sequences. The method uses rough set theory to analyze the system call sequences produced by processes during normal operation and extracts a minimal set of predictive rules as the model. Compared with other methods, building the normal model with rough set theory requires training data that is simple to obtain, and the small rule set it generates is well suited to real-time detection and detects abnormal process behavior more effectively. A rule model with these immune characteristics can detect intrusion attacks at different levels, both local and global, and offers good adaptability, extensibility and intelligence. Experiments show that the detection efficiency of this method is clearly better than that of other modeling methods.
Authors: Wang Lijun (王丽君), Gao Chao (高超)
Source: Computer Engineering and Applications (《计算机工程与应用》), indexed in CSCD and the Peking University Core Journals list, 2006, Issue 16, pp. 129-133, 199 (6 pages in total)
Keywords: immune system, intrusion detection, rough set theory, system call sequences
