摘要
叙述了利用粗糙集(Rough Set)理论实现的Linux系统安全日志分析方法。系统以日志记录的记录长度、记录中是否存在非ASCII打印字符以及记录中进程之间执行时间间隔为统计对象,检测由格式化串漏洞(Format String Vulnerabilty)引起的攻击。利用粗糙集对单个记录的记录长度集进行了属性重要性的离散化预处理,同时对3种属性在检测异常事件中的重要性进行度量,为形成新的检测规则作了准备。
This paper presents an application of rough set theory for security log analysis of Linux systems. Using record length, existence of non ASCII printable codes, and the time interval between processes data sources, the attacks caused by format string vulnerability are detected. The record length sets are prepocesed according to attribute importance based on rough set theory and the degrees of importance of the three attributes are measured to generate the new detective rules.
出处
《计算机工程》
CAS
CSCD
北大核心
2002年第11期164-166,182,共4页
Computer Engineering
基金
国家杰出青年基金资助项目(6970025)
国家"863"计划资助项目(2001AA140213)
