基于频繁子图挖掘的异常入侵检测新方法被引量：1

Novel anomaly intrusion detection algorithm based on frequent subgraph mining

下载PDF

导出

摘要针对传统的基于系统调用序列的异常入侵检测方法中离线学习过程对训练数据量过于依赖的问题,引入频繁子图挖掘理论,利用系统调用序列转换为有向图结构后所特有的衍生能力,能够以较小的训练数据规模获取数量可观且行之有效的衍生特征模式。实验结果表明,经扩充的特征模式集能够有效提高对未知程序行为的鉴别能力。同时,将系统调用序列的局部特性与全局特性相结合,为变长特征模式的提取提供了一个较为合理的参考。 To overcome the limitation that off-line learning process was overly dependent upon the amount of training data in traditional anomaly intrusion detection methods,introduced frequent subgraph mining theory,combining with the unique derivative ability of the directed graph transformed from the system call sequence,could obtain large quantities of derivative patterns via a relatively small scale of training data.Experimental results indicate that the extended pattern set can effectively increase the detecting ability for the unknown behavior.Meanwhile,with the integrated consideration of local and global characteristic in system call sequence,proposed a reasonable method for constructing the variable-length patterns.

作者刘辉王俊峰佘春东

机构地区四川大学计算机学院北京邮电大学电子工程学院

出处《计算机应用研究》 CSCD 北大核心 2011年第3期1122-1126,1129,共6页 Application Research of Computers

基金国家"863"计划资助项目(2008AA01Z208 2009AA01Z405) 国家自然科学基金资助项目(60772150)

关键词异常入侵检测系统调用序列频繁子图挖掘衍生特征模式 anomaly intrusion detection system call sequence frequent subgraph mining derivative pattern

分类号 TP393.08 [自动化与计算机技术—计算机应用技术]

引文网络
相关文献

参考文献17

1FORREST S,HOFMEYR S A,SOMAYAJI A,et al.A sense of serf for UNIX processes[C] //Proc of IEEE Symposium on Security and Privacy.1996:120-128.
2Tian Xinguang,Duan Miyi,Sun Chunlai,Li Wenfa.Intrusion detection based on system calls and homogeneous Markov chains[J].Journal of Systems Engineering and Electronics,2008,19(3):598-605. 被引量：8
3ZENG Fan-piog,YIN Kai-tao,CHEN Ming-hui,et al.A new anomaly detection method based on rough set reduction and HMM[C] //Proc of the 8th IEEE/ACIS International Conference on Computer and Information Science.2009:285-289.
4YU Zhen-wei,TSAI J J P,WEIQERT T.An automatically tuning intrusion detection system[J].IEEE Trails on Systems,Man,Cybernetics-Pact B:Cybernetics,2007,37 (2):373-384.
5TU Hai-ying,ALLANACH J,SINGH S,et al.Information integration via hierarchical and hybrid Bayesian networks[J].IEEE Trans on System,Man and Cybernetics-Part A:Systems and Humans,2006,36 (1):19-33.
6LEMOS R D,TIMMIS J,AYARA M.Immune-inspired adaptable error detection for automated teller machines[J].IEEE Trans on Systems,Man,and Cybernetics-Part C:Application and Reviews,2007,37(5):873-886.
7HAN San-jun,CHO S B.Evolutionary neural networks for anomaly detection based on the behavior of a program[J].IEEE Trans on Systems,Man,and Cybernetics-Part B:Cybernetics,2006,36 (3):559-570.
8MUTZ D,VALEUR F,VIGNA G.Anomalous system call detection[J] ACM Trans on Information and System Secunty,2006,9 (1):61-93.
9FENG Li,WANG Wei,ZHU Li-na,et al.Predicting intrusion using dynamic Bayesian network with transfer probability estimation[J].Journal of Network and Computer Applications.2009,32 (3):721-732.
10TAN Xian-bin,XI Hong-sheng.Hidden semi-Markov model for anomaly detection[J].Applied Mathematics and Computation,2008,205 (2):562-567.

<12 >

二级参考文献16

1Verwoerd T, Hunt R. Intrusion detection techniques and approaches.Computer Communication, 2002, 25(15):1356- 1365.
2Lee W, Dong X. Information-theoretic measures for anomaly detection. Proc. of the IEEE Symposium on Security and Privacy, Oakland, USA, 2001: 130-134.
3Ye N, Emran S M, Chen Q, et al. Multivariate statistical analysis of audit trails for host-based intrusion detection. IEEE Trans. on Computers, 2002, 51(7): 810-820.
4Tian X G, Gao L Z, Sun C L, et al. A method for anomaly detection of user behaviors based on machine learning. The Journal of China Universities of Posts and Telecommunications, 2006, 13(2):61-65.
5Forrest S, Hofmeyr S A, Somayaji A. Computer immunology. Communications of the ACM, 1997, 40(10): 88-96.
6Lane T, Brodley C E. Temporal sequence learning and data reduction for anomaly detection. ACM Trans. on Information and System Security, 1999, 2 (3): 295-331.
7Lee W, Stolfo S J. A Framework for constructing features and models for intrusion detection systems. ACM Trans. on Information and System Security, 2000, 3 (4): 61-69.
8Yan Q, Xie W X, Yang B. An anomaly intrusion detection method based on HMM. Electronics Letters, 2002, 38 (13): 663-664.
9Lane T, Carla E B. An empirical study of two approaches to sequence learning for anomaly detection. Machine Learning, 2003, 51(1): 73-107.
10Lane T. Machine learning techniques for the computer security domain of anomaly detection. Purdue University, 2000.

<12 >

共引文献7

1田新广,程学旗,段洣毅,廖睿,刘悦.基于双向核实机制的移动通信终端防伪验证[J].吉林大学学报（信息科学版）,2009,27(4):366-370.
2苏景志,田新广.军工行业信息系统安全风险分析与评估[J].信息安全与通信保密,2010,7(1):64-66. 被引量：1
3田新广,段洣毅,程学旗.基于shell命令和多重行为模式挖掘的用户伪装攻击检测[J].计算机学报,2010,33(4):697-705. 被引量：20
4田新广,程学旗,陈小娟,段洣毅,许洪波.面向Unix和Linux平台的网络用户伪装入侵检测[J].计算机科学与探索,2010,4(6):500-510. 被引量：2
5杨云,宓佳,党宏社.嵌入式入侵检测系统的设计与实现[J].计算机工程与设计,2011,32(1):21-23. 被引量：8
6姚巧鸽,王彩峰.光纤周界入侵振动信号嵌入式实时检测[J].激光杂志,2017,38(7):24-27.
7张凤斌,范学林,席亮.免疫入侵检测多目标优化克隆选择算法研究[J].计算机工程与科学,2018,40(2):261-267. 被引量：1

同被引文献25

1Open GIS consortium OpenGIS geography markup language (GML) implementation specification version3. 1.0 [ EB/OL ]. 2008. http://WWW.opengis.net/grnl.
2Tang Jianzhi, Ran Yingchao, Yang Chongjun, et al. A WebGIS for sha- ring and integration of multi-source heterogeneous spatial data [ C ]// 2011 IEE International Geoscience and Remote Sensing Symposium. 2011:2943 - 2946.
3Yan Dashun,Zhang Lei ,Jiang Shujuan, et al. Study of WebGIS Archi- tecture Based on GML and SVG[ C]//2010 2nd International Confer- ence on Information Science and Engineering. 2010:4023 -4024.
4Guan J H, Zhou S G. GPress:Towards effective GML documents com- pression[ C~//International Conference on Data Englneering,2007: 1473 - 1474.
5Guan J, Zhou S, Chen Y. An effective GML documents compressor [ J ]. IEICE Trans on Information and Systems, 2008, E91-D ( 7 ) : 1982 - 1990.
6Bhatkar S, Chaturvedi A, Sekar R. Dataflow anomaly detection[ C]// Proceedings of the 2006 IEEE Symposium on Security and Privacy, 2006:48 - 62.
7Tondon G, Chan P. Learning rules from system calls arguments and se- quences for anomaly detection [ C ]//ICDM Workshop on Data Mining for Computer Security, Melbourne, FL, 2003:20 - 29.
8Tandon G, Chan P. Learning useful system call attributes for anomaly detection [ C ]//Proceedings of the 18m International FLAIRS Confer- ence, 2005:405 -411.
9Qian Quan, Wu Jinlin, Zhu Wei, et al. Improved Edit Distance Meth- od for System Call Anomaly Detection+[ C ]//Proceedings of the 2012 IEEE 12th International Conference on Computer and Information Technology. IEEE Computer Society Washington, DC, USA, 2012: 1097 - 1102.
10李红娇,李建华.基于程序行为异常检测的数据流属性分析[J].上海交通大学学报,2007,41(11):1778-1782. 被引量：4