
Research on applying probabilistic suffix trees to intrusion detection (cited by: 3)

Applying probabilistic suffix tree to intrusion detection
Abstract: A system call trace reflects the behavioural characteristics of a system process, and the occurrence of each call in the trace depends on the several calls that precede it. A probabilistic suffix tree (PST) can therefore be used to model system call traces and capture the context-dependent probability of each system call. A definition of the abnormality degree of a system call trace is proposed. For anomaly detection, a PST model is first trained on normal system call traces; the model is then used to compute the abnormality degree of an unknown trace, and the trace is judged abnormal or not against a given threshold. Experiments show that this metric distinguishes normal processes from abnormal ones well.

Original English abstract: A system call trace is one of the behavioural characteristics of a system process. Each system call in the trace depends on a few previous system calls. Thus, a probabilistic suffix tree is used to model the system call trace and capture the probabilistic characteristics of the system calls. Two definitions of an abnormality metric are given. When detecting abnormal traces, the PST is trained with normal system call traces, and then the abnormality metric of each trace is calculated and compared with a given limit. Experiments show that this measurement can distinguish normal processes from abnormal ones well.
Source: Computer Engineering and Applications (计算机工程与应用), CSCD, Peking University core journal, 2010, No. 23, pp. 79-81 (3 pages)
Funding: National Natural Science Foundation of China No.60673191; Guangdong Provincial Key Natural Science Research Project for Higher Education Institutions (No.06Z012)
Keywords: intrusion detection; system call trace; probabilistic suffix tree

References (8)

  • 1 Forrest S, Hofmeyr S A. A sense of self for Unix processes[C]//Proceedings of the 1996 IEEE Symposium on Security and Privacy, Oakland, USA. IEEE Computer Society Press, 1996: 120-128.
  • 2 Ye N. A Markov chain model of temporal behavior for anomaly detection[C]//Proceedings of the 2000 IEEE Systems, Man, and Cybernetics Information Assurance and Security Workshop, United States Military Academy, West Point, NY. IEEE Computer Society Press, 2000: 171-174.
  • 3 Zhang Xiangliang, Wang Wei, Guan Xiaohong. Program behavior anomaly detection based on hidden Markov models[J]. Journal of Xi'an Jiaotong University, 2005, 39(10): 1056-1059. (cited by: 16)
  • 4 Bejerano G, Yona G. Variations on probabilistic suffix trees: statistical modeling and prediction of protein families[J]. Bioinformatics, 2001, 17(1): 23-43.
  • 5 Begleiter R, El-Yaniv R, Yona G. On prediction using variable order Markov models[J]. Journal of Artificial Intelligence Research, 2004, 22: 385-421.
  • 6 Apostolico A, Bejerano G. Optimal amnesic probabilistic automata or how to learn and classify proteins in linear time and space[C]//Proceedings of the Fourth Annual International Conference on Computational Molecular Biology, Tokyo, Japan. ACM, 2000: 25-32.
  • 7 Computer immune systems data sets[EB/OL]. http://www.cs.unm.edu/~immsec/data/synthsm.html.
  • 8 Rabiner L R. A tutorial on hidden Markov models and selected applications in speech recognition[J]. Proceedings of the IEEE, 1989, 77(2): 257-289.
