
Intrusion Detection Method Based on Markov and Variable-Length Pattern
Abstract: Intrusion detection technology is, to date, the most useful network security defense tool, and detection methods based on system call sequences are a very important branch of it. However, finding variable-length patterns is a rather difficult task in this line of research. This paper designs a dynamic pattern extraction method and, building on it, proposes a Markov-based detection method. Finally, extensive experiments and comparison with existing algorithms demonstrate the effectiveness of the method: it achieves better results on the two traditional evaluation metrics (detection rate and false alarm rate).

Intrusion detection is one of the most effective network security defenses and is receiving more and more attention. Research on anomaly detection methods based on system call sequences is an important branch of host-based intrusion detection. Variable-length patterns seem to be more naturally suited to modeling process behavior, but they are also more difficult to construct from system call sequences. In this paper, a novel method is proposed to construct variable-length patterns by dynamically extracting information from the call stack of the process. A Markov chain model is then constructed based on the variable-length patterns to detect abnormal behaviors. The experimental results indicate that, compared with the traditional method, the proposed method generates a smaller set of patterns and obtains better results.

Author: WEI Bin (魏彬) (Engineering College of Cryptographic, Engineering University of PAP, Xi'an 710086, China)
Source: Journal of Engineering University of the Chinese People's Armed Police Force (《武警工程大学学报》), 2018, No. 2, pp. 39-43 (5 pages)
Funding: National Social Science Fund of China project "Research and Application of Mining Algorithms for Abnormal Online Comments" (16BTJ033)
Keywords: intrusion detection; system call; variable-length sequence; Markov model