Abstract
This paper presents a method, based on the deterministic annealing algorithm, for detecting masquerade intrusions, in which an intruder or user poses as another user. In this model, each user is viewed as a discrete stationary source with variable-length memory. The sequence of command-line characters produced by an account that a masquerading intruder has used can be regarded as a mixture generated by two different sources, the account's own user and the intruder, active in different periods. We analyse the command-line character sequence to reconstruct the original source models, and determine whether a masquerade has occurred by finding the source(s) in the sequence. Our experiment shows that the model is feasible.
Source
Acta Electronica Sinica (《电子学报》)
Indexed in: EI, CAS, CSCD, PKU Core
2004, No. 2, pp. 303-305 (3 pages)