摘要
从系统资源保护的角度出发,分析并归纳了进程访问资源的异常行为特征,提出了一种基于行为分析的程序异常检测方法。该方法通过在运行的系统上设置资源防护检查点,采用用户模式API拦截技术实时检测进程操作资源的行为,并运用贝叶斯算法对程序行为特征作组合分析,发现异常时进行告警。
For the purpose of protecting system resource, process behaviors anomaly at runtime was analyzed and summarized, and a program anomaly detection approach was put forward based on behaviors analysis. By setting check-points on running system, API hook under user-mode was used to detect process behaviors on operating resources, and Bayes algorithm was used to estimate the validity of program behaviors. An alarm would be given when detecting anomaly.
出处
《计算机应用》
CSCD
北大核心
2008年第10期2492-2494,共3页
journal of Computer Applications
关键词
系统资源
进程
行为特征
拦截
贝叶斯算法
system resource
process
behavioral characteristics
hook
Bayes algorithm
