Abstract
To address the high misjudgment rate and the inability to detect unknown Rootkits that affect Rootkit detection in the guest operating systems of existing virtualization environments, this paper proposes a Rootkit detection method based on a neural network expert system (QPSO_BP_ES). The method combines a neural network with an expert system, drawing on the strengths of each to build the detection system. During actual detection, it first captures pre-selected typical Rootkit behavioral features, then uses the trained neural network expert system to determine whether a Rootkit is present in the guest operating system. Finally, experiments show that the QPSO_BP_ES detection system model can lower the misjudgment rate and effectively detect both known and unknown Rootkits.
To solve the problems of a high misjudgment ratio in Rootkit detection and the inability to detect unknown Rootkits in the guest operating system of a virtualization environment, a Rootkit detection method (QPSO_BP_ES) based on a neural network expert system is proposed. The detection system combines a neural network with an expert system so as to take advantage of both. In actual detection, QPSO_BP_ES first captures the previously selected typical characteristic behaviors of Rootkits, and the trained system then detects the presence of a Rootkit. The experimental results show that QPSO_BP_ES can effectively reduce the misjudgment ratio and detect both known and unknown Rootkits.
Source
Computer Science (《计算机科学》)
CSCD
Peking University Core Journal
2015, No. 8, pp. 175-179 (5 pages)
Funding
National 863 Program Project (2008AA01Z404)
National Defense Pre-research Foundation Project (910A26010306JB5201)