Abstract
Building on existing work that analyses intrusions through system-call sequences, this paper proposes a system-call sequence audit algorithm based on a genetic algorithm (AABG). The algorithm first intercepts system calls from running processes and generates call sequences; during auditing, the audit rules are then evolved with a genetic algorithm, so that the call sequences of unknown attacks can be audited. Wildcards in the rules greatly reduce the number of audit rules, which improves the efficiency of the audit system. Finally, the influence of the number of wildcards and of the credibility threshold on the number of rules and on accuracy is analysed.
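The following Python sketch is an added illustration of the ideas in the abstract, not the paper's AABG implementation or its data. It assumes a fixed audit window of four calls, a credibility measure defined as the fraction of a rule's matched windows that come from known-normal traces, a fitness that rewards normal coverage and penalises any attack coverage, and a small set of constructed system-call traces; all of these are assumptions made for the example. It shows how a `*` wildcard lets one rule subsume several concrete rules (fewer rules), how adding wildcards lowers a rule's credibility, and how a bounded wildcard budget and a credibility threshold filter the evolved rule set.

```python
import random

WILDCARD = "*"
WINDOW = 4  # length of each audited system-call window (assumption)

# Constructed sample traces for the example; not data from the paper.
NORMAL_TRACES = [
    ["open", "read", "read", "close", "open", "read", "write", "close"],
    ["open", "read", "write", "close", "mmap", "read", "close", "exit"],
    ["stat", "open", "read", "close", "open", "read", "read", "close"],
]
ATTACK_TRACES = [
    ["open", "read", "execve", "setuid", "chmod", "open", "write", "close"],
]


def windows(trace, k=WINDOW):
    """Sliding windows of length k over a system-call trace."""
    return [tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)]


def matches(rule, window):
    """A rule matches a window when every position is equal or a wildcard."""
    return len(rule) == len(window) and all(
        r == WILDCARD or r == w for r, w in zip(rule, window))


def coverage(rule, normal_windows, attack_windows):
    """Number of normal and of attack windows the rule matches."""
    hits_n = sum(matches(rule, w) for w in normal_windows)
    hits_a = sum(matches(rule, w) for w in attack_windows)
    return hits_n, hits_a


def credibility(rule, normal_windows, attack_windows):
    """Fraction of the rule's matches that are known-normal windows (assumed definition)."""
    hits_n, hits_a = coverage(rule, normal_windows, attack_windows)
    return hits_n / (hits_n + hits_a) if hits_n + hits_a else 0.0


def fitness(rule, normal_windows, attack_windows):
    """Reward normal coverage, penalise attack coverage (weight 3 is an assumption)."""
    hits_n, hits_a = coverage(rule, normal_windows, attack_windows)
    return hits_n - 3 * hits_a


def mutate(rule, rng):
    """Generalise a rule by turning one position into a wildcard."""
    rule = list(rule)
    rule[rng.randrange(len(rule))] = WILDCARD
    return tuple(rule)


def crossover(a, b, rng):
    """One-point crossover of two rules of equal length."""
    cut = rng.randrange(1, len(a))
    return a[:cut] + b[cut:]


def evolve(normal_windows, attack_windows, max_wildcards=1, min_credibility=1.0,
           generations=30, pop_size=40, seed=0):
    """Evolve audit rules from the observed normal windows as the initial population."""
    rng = random.Random(seed)
    population = list(dict.fromkeys(normal_windows))  # de-duplicated seed rules
    for _ in range(generations):
        children = []
        for _ in range(pop_size):
            a, b = rng.sample(population, 2)
            child = crossover(a, b, rng)
            if rng.random() < 0.5:
                child = mutate(child, rng)
            if child.count(WILDCARD) <= max_wildcards:  # enforce the wildcard budget
                children.append(child)
        population = list(dict.fromkeys(population + children))
        population.sort(key=lambda r: fitness(r, normal_windows, attack_windows),
                        reverse=True)
        population = population[:pop_size]
    # Keep only rules that cover some normal behaviour and meet the credibility threshold.
    return [r for r in population
            if coverage(r, normal_windows, attack_windows)[0] > 0
            and credibility(r, normal_windows, attack_windows) >= min_credibility]


def subsumes(general, specific):
    """True when `general` matches every window that `specific` matches."""
    return all(g == WILDCARD or g == s for g, s in zip(general, specific))


def reduce_rules(rules):
    """Drop rules already covered by a more general rule; this is where wildcards cut rule count."""
    return [r for r in rules if not any(s != r and subsumes(s, r) for s in rules)]


def audit(trace, rules):
    """Windows of a trace that no rule accepts, i.e. the ones flagged for review."""
    return [w for w in windows(trace) if not any(matches(r, w) for r in rules)]


if __name__ == "__main__":
    nw = [w for t in NORMAL_TRACES for w in windows(t)]
    aw = [w for t in ATTACK_TRACES for w in windows(t)]
    for budget in (0, 1, 2):
        rules = reduce_rules(evolve(nw, aw, max_wildcards=budget))
        print(f"max wildcards={budget}: {len(rules)} rules after reduction")
    print("flagged windows in attack trace:", audit(ATTACK_TRACES[0], evolve(nw, aw)))
```

Run as a script it prints the reduced rule count for wildcard budgets 0, 1 and 2 and the attack windows left unmatched by the evolved rules; the deterministic helpers (`matches`, `credibility`, `reduce_rules`, `audit`) are the parts worth reusing when reproducing the rule-count and accuracy trade-off the abstract describes.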
Source
《计算机工程与应用》
CSCD
Peking University Core Journals (北大核心)
2008, No. 20, pp. 118-120 (3 pages)
Computer Engineering and Applications
Funding
National High-Tech Research and Development Plan of China (863 Program), Grant No. 2006AA01Z406
Project of the Department of Education of Henan Province, China, Grant No. 2008B520045
Young Backbone Teachers Project of Zhongyuan University of Technology (中原工学院)
Keywords
system call
genetic algorithm
wildcard
credibility