摘要
伪装入侵是指攻击者冒充合法用户的身份并恶意使用该用户权限,这对信息系统安全构成了严重威胁。通过分析用户的行为,学习并构建正常用户的行为模式进行伪装检测,旨在识别异常行为并确定入侵者。在现有研究的基础上,设计了新的基于命令序列的多层感知器(MLP)和随机森林(Random Forest)伪装入侵检测模型。实验结果表明,提出的两种方法在检测精度和检测代价上皆取得了较好结果。
A masquerade attack refers to the attacker impersonating legal user's identity and malicious use of the user permissions, and this constitutes a serious threat to information system security. By analyzing user behaviors, learning and constructing a normal user's behavior pattern, the masquerader is detected, aiming to identify the abnormal behavior and lock the intruder. Based on the existing research, the novel command-sequence-based MLP (multilayer perceptron) and the random forest masquerading intrusion detection model are proposed and designed. The experimental results indicate that the proposed two methods could acquire fairly good results in terms of detection accuracy and cost.
作者
汤雨欢
施勇
薛质
TANG Yu-huan;SHI Yong;XUE Zhi(School of Electronic Information and Electrical Engineering, Shanghai Jiaotong University, Shanghai 200240, Chin)
出处
《通信技术》
2018年第5期1148-1153,共6页
Communications Technology
基金
国家自然科学基金重点项目(No.61332010)~~
关键词
伪装入侵检测
用户行为建模
多层感知器
随机森林
分类算法
masquerade intrusion detection
user-behavior modeling
multilayer perceptron
random forest
classification algorithm
