Abstract
This paper uses nonnegative matrix factorization (NMF) to examine the behavior of privileged programs under system monitoring and thereby detect anomalous intrusion behavior. During factorization, Alpha-divergence serves as the measure, and a genetic programming algorithm is introduced to optimize the error function of the nonnegative matrix factorization. The experiments tested system call data collected on the Sun SPARC workstation at the University of New Mexico and the CICIDS2017 data set. The results show that, compared with traditional detection methods, the method performs well in intrusion detection accuracy.
Authors
WU Yu (吴渝)
PENG Mao-ling (彭茂玲)
QIAN Ren-fei (钱仁飞)
MA Zhe-feng (马哲峰)
CHEN Shan-xiong (陈善雄)
Affiliations: Chongqing Police College, Chongqing 401331, China; Chongqing City Management College, Chongqing 401331, China; Ningbo Dafa Chemical Fiber Company Limited, Ningbo Zhejiang 315336, China; College of Computer and Information Science, Southwest University, Chongqing 400715, China
Source
Journal of Southwest China Normal University (Natural Science Edition)
CAS
PKU Core (北大核心)
2020, No. 9, pp. 139-146 (8 pages)
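Funding
National Natural Science Foundation of China (61303227)
Natural Science Foundation of Chongqing (cstc2020jcyj-msxm2695)
China Postdoctoral Science Foundation (2015M580765)
Chongqing Postdoctoral Research Project (Xm2016041)
Fundamental Research Funds for the Central Universities (XDJK2018B020)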
Keywords
intrusion detection
system call
nonnegative matrix factorization
genetic programming