Abstract
Current intrusion detection systems are usually designed around the system call sequence alone and ignore the data environment in which that sequence runs, so they cannot cope with new attacks that leave the system call sequence unchanged. This paper proposes a new intrusion detection model that combines the system call sequence with the data environment it runs in: by learning the value rules of the arguments across system calls, the model strengthens its ability to detect such attacks. Experimental results show that, compared with existing models, the approach has higher detection efficiency, a lower false alarm rate, and lower time and space overhead in the training phase.
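An added illustration of the abstract's point, not code from the paper: a sequence-only detector is compared with one that also learns argument value rules (allowed directories per path argument, and descriptors that must come from an earlier open). The traces, the two rule types and the suspicious trace are constructed assumptions.

```python
import os
from collections import defaultdict

# Constructed training traces (not from the paper): each event is
# (syscall, argument tuple, return value); the fd returned by open is reused.
NORMAL_TRACES = [
    [("open", ("/var/app/config", "r"), 3), ("read", (3,), 100), ("close", (3,), 0)],
    [("open", ("/var/app/data", "r"), 4), ("read", (4,), 200), ("close", (4,), 0)],
]

def ngrams(trace, n=2):
    names = [e[0] for e in trace]
    return {tuple(names[i:i + n]) for i in range(len(names) - n + 1)}

class SequenceModel:
    """Baseline detector: learns only the order of system-call names."""
    def __init__(self, traces, n=2):
        self.n = n
        self.known = set().union(*(ngrams(t, n) for t in traces))

    def violations(self, trace):
        return [f"unseen call pair {g}" for g in ngrams(trace, self.n) - self.known]

class ArgumentModel(SequenceModel):
    """Sequence model plus two value rules learned from the data environment:
    a path argument must lie in a directory seen in training for that
    (syscall, position), and a descriptor passed to a later call must have
    been returned by an open earlier in the same trace."""
    def __init__(self, traces, n=2):
        super().__init__(traces, n)
        self.dirs = defaultdict(set)  # (syscall, arg index) -> allowed directories
        for t in traces:
            for name, args, _ in t:
                for i, a in enumerate(args):
                    if isinstance(a, str) and a.startswith("/"):
                        self.dirs[(name, i)].add(os.path.dirname(a))

    def violations(self, trace):
        found, open_fds = super().violations(trace), set()
        for name, args, ret in trace:
            for i, a in enumerate(args):
                if (name, i) in self.dirs and (
                        not isinstance(a, str) or os.path.dirname(a) not in self.dirs[(name, i)]):
                    found.append(f"{name} arg {i} outside learned directories: {a!r}")
                if isinstance(a, int) and name != "open" and a not in open_fds:
                    found.append(f"{name} uses fd {a} that no earlier open returned")
            if name == "open":
                open_fds.add(ret)
        return found

# Constructed suspicious trace: the call sequence is identical to training,
# only the opened path differs, so the sequence-only model stays silent.
SAME_SEQUENCE_TRACE = [("open", ("/etc/passwd", "r"), 3), ("read", (3,), 50), ("close", (3,), 0)]
```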
Source
Microelectronics & Computer (《微电子学与计算机》)
CSCD
PKU Core Journal (北大核心)
2008, No. 11, pp. 125-128 (4 pages)
Funding
National Natural Science Foundation of China project (69873040)
Keywords
system call
value rule
anomaly intrusion detection