Abstract
This paper builds a Markov model of system call sequences in a computer system for intrusion detection and, on the basis of this model, proposes a method for anomaly detection in computer systems. It uses statistical methods to analyze the occurrence of system calls within a process, defines a mismatch factor that depends on the state transition probabilities, and uses this factor to compute a mismatch rate, from which it judges whether the operations performed by the monitored process are normal or anomalous behavior. It also proposes an algorithm, based on a forgetting factor, for updating the state transition probabilities.
Source
《计算机工程》
CAS
CSCD
Peking University Core Journals
2002, Issue 12, pp. 189-191, 265 (4 pages in total)
Computer Engineering