Abstract
Addressing the shortcomings of intrusion detection on Windows systems, this paper studies and borrows from the Linux approach of intrusion detection based on system-call sequences, and proposes a kernel-level host intrusion detection scheme that uses the BP neural network algorithm to learn and classify Windows Native API sequences. Experiments verify the feasibility of using Windows Native API sequences for system intrusion detection. The Native API is the kernel-mode API of Windows and is analogous to the Linux system call. A BP neural network is trained on Native API sequences to build a classifier that separates normal from abnormal Native API sequences. During intrusion detection, the trained network classifies the continuously arriving Windows Native API sequences to decide whether an anomalous intrusion has occurred.
Considering the shortcomings of Windows system intrusion detection and the advantages of Linux system intrusion detection based on system-call sequences, a kernel-level host intrusion detection program based on the BP neural network algorithm, which learns and classifies sequences of the Windows Native API, is proposed in this paper. Experimental results show that Native API sequences can be used for intrusion detection. The Windows Native API is the kernel-mode API, which is similar to the Linux system call. The neural network is trained to learn normal and abnormal sequences of Native API calls. During intrusion detection, the trained neural network is used to classify the emerging Native API sequence and to determine whether an intrusion has happened.
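The following example is added here to illustrate the classification step the abstract describes; it is not the paper's code. It trains a small back-propagation (BP) network on fixed-length windows of Native API call names and then scores a whole trace by the fraction of its windows the network flags as abnormal. The window length (3), the hidden-layer size, the API subset and all traces are constructed assumptions for the demonstration; collecting real traces from the kernel, which the paper handles with its kernel-level component, is outside the scope of this snippet.

```python
"""
Added illustration (not the paper's own code): a minimal BP neural network
that classifies windows of Windows Native API calls as normal or abnormal.
All traces are constructed sample data; the window length, API subset and
network sizes are assumptions chosen for the example.
"""
import numpy as np

WINDOW = 3  # assumed window length over the Native API call sequence

# Constructed traces. Normal traces model ordinary file handling; abnormal
# traces model an unusual call order plus calls never seen during normal
# operation. The names are real Native API entry points, the traces are not.
NORMAL_TRACES = [
    ["NtOpenFile", "NtReadFile", "NtClose", "NtOpenFile", "NtReadFile", "NtClose"],
    ["NtQueryAttributesFile", "NtOpenFile", "NtWriteFile", "NtClose"],
    ["NtOpenFile", "NtQueryInformationFile", "NtReadFile", "NtReadFile", "NtClose"],
    ["NtCreateFile", "NtWriteFile", "NtWriteFile", "NtClose"],
]
ABNORMAL_TRACES = [
    ["NtOpenFile", "NtDeleteFile", "NtTerminateProcess", "NtClose"],
    ["NtClose", "NtReadFile", "NtOpenFile", "NtDeleteFile"],
    ["NtSetValueKey", "NtDeleteFile", "NtSetValueKey", "NtTerminateProcess"],
]


def build_vocab(traces):
    """Map every API name seen in training to a fixed column index."""
    names = sorted({api for t in traces for api in t})
    return {api: i for i, api in enumerate(names)}


def windows(trace, k=WINDOW):
    """Slide a length-k window over the call sequence."""
    return [trace[i:i + k] for i in range(len(trace) - k + 1)]


def encode(window, vocab):
    """Position-wise one-hot encoding: k * |vocab| inputs, one block per slot."""
    v = np.zeros(len(window) * len(vocab))
    for pos, api in enumerate(window):
        v[pos * len(vocab) + vocab[api]] = 1.0
    return v


class BPNet:
    """One hidden sigmoid layer, trained with plain back-propagation."""

    def __init__(self, n_in, n_hidden=8, seed=0):
        rng = np.random.default_rng(seed)
        self.W1 = rng.normal(0, 0.5, (n_in, n_hidden))
        self.b1 = np.zeros(n_hidden)
        self.W2 = rng.normal(0, 0.5, (n_hidden, 1))
        self.b2 = np.zeros(1)

    @staticmethod
    def _sig(z):
        return 1.0 / (1.0 + np.exp(-z))

    def forward(self, X):
        h = self._sig(X @ self.W1 + self.b1)
        return h, self._sig(h @ self.W2 + self.b2)

    def train(self, X, y, epochs=5000, lr=0.5):
        y = y.reshape(-1, 1)
        for _ in range(epochs):
            h, out = self.forward(X)
            d_out = out - y                          # sigmoid + cross-entropy gradient
            d_h = (d_out @ self.W2.T) * h * (1 - h)  # propagate error to hidden layer
            self.W2 -= lr * h.T @ d_out / len(X)
            self.b2 -= lr * d_out.mean(axis=0)
            self.W1 -= lr * X.T @ d_h / len(X)
            self.b1 -= lr * d_h.mean(axis=0)

    def predict(self, X):
        return self.forward(X)[1].ravel()


def train_detector(normal, abnormal):
    """Build the vocabulary, window and encode all traces, and fit the network."""
    vocab = build_vocab(normal + abnormal)
    X, y = [], []
    for label, traces in ((0.0, normal), (1.0, abnormal)):
        for t in traces:
            for w in windows(t):
                X.append(encode(w, vocab))
                y.append(label)
    net = BPNet(WINDOW * len(vocab))
    net.train(np.array(X), np.array(y))
    return net, vocab


def score_trace(net, vocab, trace):
    """Fraction of windows flagged abnormal; APIs unseen in training count as abnormal."""
    ws = windows(trace)
    if not ws:
        return 0.0
    flags = []
    for w in ws:
        if any(api not in vocab for api in w):
            flags.append(1.0)
        else:
            flags.append(float(net.predict(encode(w, vocab)[None, :])[0] > 0.5))
    return sum(flags) / len(flags)


def is_intrusion(net, vocab, trace, threshold=0.3):
    """Assumed decision rule: more than `threshold` of the windows are abnormal."""
    return score_trace(net, vocab, trace) > threshold


if __name__ == "__main__":
    net, vocab = train_detector(NORMAL_TRACES, ABNORMAL_TRACES)
    for t in NORMAL_TRACES + ABNORMAL_TRACES:
        print(f"{score_trace(net, vocab, t):.2f}", is_intrusion(net, vocab, t), t)
```

The per-window vote in `score_trace` is the part a practitioner would tune: a single flagged window in a long trace is usually noise, so the decision rests on the flagged fraction rather than on any one window, and any API name absent from the training vocabulary is treated as abnormal instead of being silently dropped.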
Source
Computer Engineering and Applications (《计算机工程与应用》), indexed in CSCD and the Peking University Core Journal list
2008, No. 18, pp. 109-112 (4 pages)
Funding
National Natural Science Foundation of China (Grant No. 60702071)
New Century Excellent Talent Foundation from the Ministry of Education of China (Grant No. NCET-06-0811)
Applied Basic Research Fund of the Sichuan Provincial Department of Science and Technology (No. 2006J13~065)