摘要
击键特征是一种能反映用户行为的动态特征,可作为识别用户的信息源。传统方法不仅要求收集大量击键样本来建立识别模型,并且同时需要正例样本与反例样本。但在实际应用中,需要用户提供大量的训练样本是不现实的,并且反例样本收集比正例样本收集困难。为此,提出一种新的以击键序列为信息源的主机入侵检测模型。在小样本和仅有正例的情况下,通过One-Class支持向量机(OCSVM)来训练检测模型,通过对用户的击键行为是否偏离正常模型来检测入侵。仿真实验结果表明该模型具有较好的检测效果。
The keystroke sequences are dynamic behaviors which can be used to measure users' characteristics,so it has many advantages to indicate users in system.Previous work in this area has shown the keystroke sequences as a real possibility to authenticate a user,but it needs a large user's and imposter's data set to establish a keystroke detection model,that's impossible in practice,otherwise,it is more difficult to get imposter's patterns than normal user's.In this paper,we present an anomaly detection model based on keystroke sequences,by using OCSVM algorithm,it only needs a few owner's patterns to establish an anomaly detection model.Experimental results show that the OCSVM algorithm is promising.
出处
《计算机工程与应用》
CSCD
北大核心
2007年第15期140-143,共4页
Computer Engineering and Applications
基金
四川省教育厅重点项目(the Key Project of Department of Education of Sichuan Province of China under Grant No.2005A117) 。
