摘要
提出了一种基于HMM的用户行为异常检测的新方法,用shell命令序列作为审计数据,但在数据预处理、用户行为轮廓的表示方面与现有方法不同。仿真实验结果表明,本方法的检测效率和实时性相对较高,在检测准确率方面也有较大优势。
A method of user behavior anomaly detection was presented. The method constructs specific hidden Markov model (HMM) with shell commands as audit data. The method is different with other references on data preprocessing and representing the behavior profiles of users. The results of computer simulation show the method presented can achieve high detection accuracy and practicability.
出处
《电子技术应用》
北大核心
2011年第7期156-158,共3页
Application of Electronic Technique