
Research on an Abnormal Detect Model for System Call Sequence Using Maximum Entropy Principle
(original title: 一种基于最大熵原理系统异常检测模型研究)

Cited by: 1
Abstract: Most system anomaly detection methods based on system call sequence analysis do not objectively evaluate how well the extracted features characterise process behaviour during sequence reduction and feature extraction; the result is many false alarms and missed alarms, which degrades detection performance. This paper proposes a system anomaly detection model based on the maximum entropy principle. Feature extraction is performed by computing mutual information and applying a Z-test; feature evaluation and the detection classifier are realised by constructing a maximum entropy model; and an improved Bloom filter provides efficient feature lookup and matching. The model noticeably improves system anomaly detection performance, and comparative experiments show that it detects attack behaviour promptly and with high precision.
Authors: 张健 (Zhang Jian), 陈松乔 (Chen Songqiao)
Source: Journal of Chinese Computer Systems (小型微型计算机系统), CSCD, Peking University Core Journal, 2008, No. 4, pp. 643-648 (6 pages)
Keywords: system call sequences; system call short sequence; maximum entropy model; feature selection
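The pipeline the abstract describes (short-sequence features from system call traces, mutual-information feature selection, a maximum entropy classifier over the selected features, and a Bloom filter for fast feature lookup) can be shown end to end in a few dozen lines. The block below is an added example, not code from the paper: the traces are constructed toy data, the Z-test step is omitted, the maximum entropy model is the binary case (which is logistic regression trained by gradient ascent on the log-likelihood), and a plain Bloom filter stands in for the paper's improved variant.

```python
"""
Added example (not from the paper): system-call short-sequence features,
mutual-information (MI) feature selection, a binary maximum-entropy classifier
and a Bloom-filter index for feature lookup. All traces are constructed toy data.
"""
import hashlib
import math
from collections import Counter
from itertools import chain

# Constructed toy traces: a normal file reader versus a privilege-escalating attack.
NORMAL_TRACES = [
    ("open", "read", "read", "close"),
    ("open", "read", "close"),
    ("open", "read", "read", "read", "close"),
    ("open", "fstat", "read", "close"),
]
ATTACK_TRACES = [
    ("open", "read", "setuid", "execve"),
    ("read", "setuid", "execve"),
    ("open", "read", "setuid", "execve", "exit"),
]
TRACES = NORMAL_TRACES + ATTACK_TRACES
LABELS = [0] * len(NORMAL_TRACES) + [1] * len(ATTACK_TRACES)   # 0 = normal, 1 = attack


def short_sequences(trace, k=2):
    """Sliding-window short sequences (k-grams) of a system call trace."""
    return [tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)]


def mutual_information(feature, traces, labels, k=2):
    """MI in bits between 'feature occurs in the trace' (X) and the trace label (Y)."""
    n = len(traces)
    joint, px, py = Counter(), Counter(), Counter()
    for trace, y in zip(traces, labels):
        x = int(feature in set(short_sequences(trace, k)))
        joint[(x, y)] += 1
        px[x] += 1
        py[y] += 1
    return sum(c / n * math.log2((c / n) / ((px[x] / n) * (py[y] / n)))
               for (x, y), c in joint.items())


def select_features(traces, labels, k=2, top_n=4):
    """Rank every observed short sequence by MI with the label; keep the top_n."""
    candidates = set(chain.from_iterable(short_sequences(t, k) for t in traces))
    ranked = sorted(candidates,
                    key=lambda f: (-mutual_information(f, traces, labels, k), f))
    return ranked[:top_n]


class BloomFilter:
    """Minimal Bloom filter: no false negatives, a small false-positive rate."""
    def __init__(self, m_bits=256, n_hashes=3):
        self.m, self.n_hashes, self.bits = m_bits, n_hashes, bytearray(m_bits)

    def _positions(self, item):
        for i in range(self.n_hashes):               # salted SHA-256 as the hash family
            h = hashlib.sha256(f"{i}|{item!r}".encode()).digest()
            yield int.from_bytes(h[:8], "big") % self.m

    def add(self, item):
        for p in self._positions(item):
            self.bits[p] = 1

    def __contains__(self, item):
        return all(self.bits[p] for p in self._positions(item))


class MaxEntDetector:
    """p(attack | trace) = sigmoid(w . f(trace) + b), f = presence indicators of the
    selected short sequences. Binary maxent trained by gradient ascent (SGD)."""
    def __init__(self, features):
        self.features = list(features)
        self.index = BloomFilter()       # cheap screen: "could this be a selected feature?"
        for f in self.features:
            self.index.add(f)
        self.w, self.b = [0.0] * len(self.features), 0.0

    def vectorize(self, trace, k=2):
        # Sequences rejected by the filter are certainly not features; survivors are
        # matched exactly, so a Bloom false positive only costs one extra comparison.
        present = {s for s in short_sequences(trace, k) if s in self.index}
        return [1.0 if f in present else 0.0 for f in self.features]

    def prob(self, trace):
        z = self.b + sum(wi * xi for wi, xi in zip(self.w, self.vectorize(trace)))
        return 1.0 / (1.0 + math.exp(-z))

    def fit(self, traces, labels, lr=0.5, epochs=300):
        for _ in range(epochs):
            for trace, y in zip(traces, labels):
                err, x = y - self.prob(trace), self.vectorize(trace)
                self.w = [wi + lr * err * xi for wi, xi in zip(self.w, x)]
                self.b += lr * err
        return self

    def predict(self, trace, threshold=0.5):
        return int(self.prob(trace) >= threshold)


def build_detector(top_n=4):
    """Select features on the toy corpus and train the detector on it."""
    return MaxEntDetector(select_features(TRACES, LABELS, top_n=top_n)).fit(TRACES, LABELS)


if __name__ == "__main__":
    det = build_detector()
    print("selected features:", det.features)
    for t in [("open", "read", "read", "close"), ("open", "read", "setuid", "execve", "write")]:
        print(t, "->", "ATTACK" if det.predict(t) else "normal", round(det.prob(t), 3))
```

On seven traces the MI ranking is only illustrative (the ties among perfectly separating sequences are broken by name), which is exactly why the paper pairs MI with a significance test before trusting a feature. The Bloom filter property that matters for matching is the absence of false negatives: a short sequence the filter rejects is guaranteed never to have been selected, so the expensive exact comparison runs only for sequences that pass.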
Related literature

References (3)

Secondary references (32)

  • 1. Yin Qingbo, Zhang Rubo, Li Xueyao, Wang Huiqiang. Research on intrusion detection technology based on a dynamic Markov model [J]. Acta Electronica Sinica (电子学报), 2004, 32(11): 1785-1788. Cited by: 9
  • 2. Forrest S, Hofmeyr S A, Somayaji A. A sense of self for Unix processes [C]// Proceedings of the 1996 IEEE Symposium on Security and Privacy: 120-128.
  • 3. Jou Y, Gong F, Sargor C, Wu X, et al. Design and implementation of a scalable intrusion detection system for the protection of network infrastructure [C]// DARPA Information Survivability Conference and Exposition, Hilton Head Island, SC, 2000: 203-211.
  • 4. Eckmann S T, Vigna G, Kemmerer R. STATL: An attack language for state-based intrusion detection [C]// Proceedings of the ACM Workshop on Intrusion Detection, 2000: 110-118.
  • 5. Vigna G, Eckmann S T, Kemmerer R. The STAT tool suite [C]// Proceedings of the IEEE Information Survivability Workshop, Boston, October 2000: 121-130.
  • 6. Ye N. A Markov chain model of temporal behavior for anomaly detection [C]// Proceedings of the 2000 IEEE Systems, Man, and Cybernetics Information Assurance and Security Workshop, West Point, NY, 2000: 166-169.
  • 7. Jha S, Tan K, Maxion R A, Roy A. Markov chains, classifiers and intrusion detection [C]// Proceedings of the 14th IEEE Computer Security Foundations Workshop, Cape Breton, Nova Scotia, 2001: 206-219.
  • 8. Hofmeyr S A, Forrest S, Somayaji A. Intrusion detection using sequences of system calls [J]. Journal of Computer Security, 1998, 6(3): 151-180.
  • 9. Lee W, Xiang D. Information-theoretic measures for anomaly detection [C]// Proceedings of the 2001 IEEE Symposium on Security and Privacy, Oakland, California, 2001: 130-143.
  • 10. Eskin E, Lee W, Stolfo S J. Modeling system calls for intrusion detection with dynamic window sizes [C]// Proceedings of the DARPA Information Survivability Conference and Exposition II (DISCEX II), Anaheim, CA, 2001: 165-175.

Co-cited literature (72)

Co-citing literature (20)

  • 1. Cai Yi, Zheng Zhirong, Shen Changxiang. A two-dimensional label model based on multilevel security policy [J]. Chinese Journal of Computers (计算机学报), 2004, 27(5): 619-624. Cited by: 28
  • 2. Sandhu R S, Samarati P. Access control: principle and practice [J]. IEEE Communications Magazine, 1994, 32(9): 40-48.
  • 3. Yang K, Jia X H. Expressive, efficient, and revocable data access control for multi-authority cloud storage [J]. IEEE Transactions on Parallel and Distributed Systems, 2014, 25(7): 1735-1744.
  • 4. Zhou L, Varadharajan V, Hitchens M. Achieving secure role-based access control on encrypted data in cloud storage [J]. IEEE Transactions on Information Forensics and Security, 2013, 8(12): 1947-1960.
  • 5. Bell D E, LaPadula L J. Secure computer systems: Mathematical foundations [R]. ESD-TR-73-278, Vol. I (AD 770768). Bedford, MA: MITRE Corporation, 1973.
  • 6. Bell D E, LaPadula L J. Secure computer system: A mathematical model [R]. Bedford, MA: Electronic Systems Division, Air Force Systems Command, Hanscom AFB, 1973.
  • 7. Shen Y, Xiong L R. Lattice based BLP extended model [C]// Proceedings of the 2nd International Conference on Future Information Technology and Management Engineering, 2009: 309-312.
  • 8. Lee T M P. Using mandatory integrity to enforce "commercial" security [C]// Proceedings of the IEEE Symposium on Security and Privacy. Washington, DC: IEEE Computer Society, 1988: 140-146.
  • 9. Schell R, Tao T F, Heckman M. Designing the GEMSOS security kernel for security and performance [C]// Proceedings of the 8th National Computer Security Conference, 1985: 108-119.
  • 10. Yamaguchi F, Lindner F, Rieck K. Vulnerability extrapolation: Assisted discovery of vulnerabilities using machine learning [C]// Proceedings of the 5th USENIX Conference on Offensive Technologies. USENIX Association, 2011: 13-13.

Citing literature (1)

Secondary citing literature (5)
