Abstract
Based on their sequential and frequency characteristics, system call sequences have become one of the important data sources for host-based intrusion detection systems. However, host-based intrusion detection systems are themselves quite fragile. This article proposes using a virtual machine to harden the data collection of host-based intrusion detection: it collects the sequence numbers of system calls from outside the virtual machine in an experiment and demonstrates the correctness of the method from both a theoretical and an experimental standpoint. Furthermore, the percentage of CPU time occupied by the virtual environment is analysed, which shows the feasibility of the method.
Source
Computer Applications and Software (《计算机应用与软件》), CSCD, 2010, Issue 4, pp. 130-132 and 142 (4 pages in total)
Funding
Shanxi Natural Science Foundation (2008021025)
Keywords
System calls; Data collection; Experimental research; Virtual machine; Intrusion detection