
Anomaly Detection Method Based on Support Vector Machine and Windows Native API

Native API Based Windows Abnormal Detection Method Using SVM
Abstract: Drawing on the theory of system-call-based host anomaly detection developed for Unix-like systems, this paper studies host anomaly detection on Windows by tracing sequences of Windows Native API (application programming interface) calls. For detecting anomalous sequences, the support vector machine (SVM) method is used because of its good generalization capability on small datasets, and a high detection accuracy is obtained. The experimental results show that Windows Native API calls are a possible data source for host-based anomaly detection systems on the Windows platform.
Authors: 余景景, 强宁
Source: Journal of Shaanxi Normal University (Natural Science Edition), 2007, No. 4, pp. 37-40 (4 pages); indexed in CAS, CSCD and the Peking University Core Journals list.
Keywords: abnormal detection; support vector machine (SVM); Windows native application programming interface (API)