An Analysis Based on Supervised Vector Quantization and an Abnormity Detection Method of the Markov Model
Abstract: Starting from an analysis of the characteristics of the system call sequences of privileged processes, this paper uses vector quantization to cluster the short system call sequences of privileged processes, and then uses a Markov model to learn the temporal relationships between the clusters. In the vector quantization step, the method uses a dynamic splitting algorithm to cluster the short system call sequences, which increases the difference between the system call sequences of normal processes and those of abnormal processes. With a very small training data set, it makes the model more compact, gives it strong real-time performance and a low demand on system resources, and makes it suitable for real-time detection.
Author: Chen Zhijian (陈志建)
Source: Coal Technology (《煤炭技术》), CAS, Peking University Core Journals, 2009, No. 9, pp. 169-171 (3 pages)
Keywords: neural network; intrusion detection; supervised vector; Markov model