期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于特征模式的马尔可夫链异常检测模型 被引量:6

Markov Chain Anomaly Detection Model Based on Characteristic Patterns
下载PDF
导出
摘要 为提高检测精度,同时保持算法复杂度在可接受范围内,提出基于特征模式的马尔可夫链异常检测模型。提取所有支持度大于阈值的系统调用短序列为特征模式,在此基础上建立改进的马尔可夫模型CPMC。在检测时,用程序轨迹匹配特征模式,计算其在CPMC模型下的概率,概率小则代表异常。实验表明,该方法的检测精度高于目前常见的几种单一方法,与DBCPIDS方法的精度近似相等,但其计算复杂度更低。 In order to improve the accuracy and maintain an acceptable algorithm complexity, this paper proposes a new method for anomaly detection based on characteristic patterns and Markov chain model. It extracts the short sequence of system calls as a characteristic pattern if this sequence satisfies the certain support degree, and proposes an improved Markov model CPMC on this basis. When detecting intrusions, it uses the program trace to match characteristic patterns, and calculates the trace's probability under CPMC model. Small probability means anomaly. Experimental results show that higher detection accuracy can be got than that with other current single methods. Compared with DBCPIDS, the method has the approximate accuracy but lower computational complexity.
作者 孙美凤 黄飞 陈云菁 殷新春
机构地区 扬州大学信息工程学院
出处 《计算机工程》 CAS CSCD 北大核心 2008年第24期155-156,159,共3页 Computer Engineering
关键词 特征模式 系统调用 马尔可夫模型 characteristic patterns system call Markov model
分类号 TP309 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献6

  • 1Forrest S, Hofmeyr S A, Somayaji A, et al. A Sense of Self for Unix Processes[C]//Proceedings of the IEEE Symposium on Security and Privacy. Oakland, California:[s. n.], 1996.
  • 2Wespi A, Dacier M. Intrusion Detection Using Variable-length Audit Trail Pattems[C]//Proc. of the 3rd International Workshop on the Recent Advances in Intrusion Detection. Toulouse, France: [s. n.], 2000.
  • 3Ye Nong. A Markov Chain Model of Temporal Behavior for Anomaly Detecfion[C]//Proc. of IEEE Workshop on Information Assurance and Security. [S. l.]: IEEE Press, 2000.
  • 4Yan Qiao, Xie Weixin, Yang Bin, et al. Anomaly Intrusion Detection Method Based on HMM[J]. Electronics Letters, 2002, 38(13): 663-664.
  • 5林果园,郭山清,黄皓,曹天杰.基于动态行为和特征模式的异常检测模型[J].计算机学报,2006,29(9):1553-1560. 被引量:25
  • 6Hofmeyr S A, Forrest S, Somayaji A. Intrusion Detection Using Sequence of System Calls[J]. Journal of Computer Security, 1998, 6(3): 151-180.

二级参考文献13

  • 1张相锋,孙玉芳,赵庆松.基于系统调用子集的入侵检测[J].电子学报,2004,32(8):1338-1341. 被引量:10
  • 2Forrest S. etal. A sense of self for unix processes. In: John McHugh IEEE Symposium on Security and Privacy Proceedings. Oakland CA: IEEE Computer Society Press, 1996, 120-128
  • 3Lee W. , Stolfo S. J.. Data mining approaches for intrusion detection. In: Proceedings of the 7th USENIX Security Symposium. Berkeley: USENIX, 1998, 79-94
  • 4Liao Yihua, Vemuri V. R. Use of k-nearest neighbor classifier for intrusion detection. Networks and Security, 200, 21(5):438-448
  • 5Lee Wenke, Xiang Dong. Information-theoretic measures for anomaly detection. In: Proceedings of the 2001 IEEE Symposium on Security and Privacy, Oakland, California, USA, 2001,130-143
  • 6Hofmeyr S. A. , Forrest S. , Somayaji A.. Intrusion detection using sequence of system calls. Journal of Computer Security,1998, 6(3):151-180
  • 7Lane T. , Brodley C. E.. Temporal sequence learning and data reduction for anomaly detection. In: Proceedings of the 5th ACM Conference on Computer & Communication Security,San Francisco, California, USA, 1998, 295-331
  • 8Raman C. V. , Atul Negi. A hybrid method to intrusion deteetion systems using HMM. In: ICDCIT 2005, Lecture Notes in Computer Science 3816, 2005, 389-396
  • 9Kosoresow A. P. , Hofmeyr S. A.. Intrusion detection via system call traces. IEEE Software, 1997, 14(5): 35-42
  • 10Bin Y. , Qiao Y. , Xin X. W. , Ge S.. Anomaly intrusion detection method based on HMM. In: IEEE Electronic Letters Online No: 20020467, 2002, 38(13): 663-664

共引文献24

同被引文献63

引证文献6

二级引证文献51

计算机工程
2008年 第24期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部