Affiliation: [1] School of Computer Science and Engineering, Anshan University of Science and Technology, Anshan, Liaoning 114044
Source: Computer Engineering and Applications (《计算机工程与应用》), 2006, No. 16, pp. 129-133, 199 (6 pages)
Abstract: Building on an in-depth analysis of the immune system, this paper proposes an efficient, low-overhead anomaly detection method for system call sequences. The method uses rough set theory to analyze the system call sequences produced by processes during normal operation and extracts a minimal predictive rule model. Compared with other methods, building the normal model with rough set theory requires training data that is simple to obtain, the small rule set it produces is well suited to real-time detection, and it detects abnormal process behavior more effectively. A rule model with these immune characteristics can detect intrusion attacks at both local and global levels, and offers good adaptability, extensibility and intelligence. Experiments show that the detection efficiency of this method is clearly better than that of other modeling methods.
Classification number: TP393.08 [Automation and Computer Technology / Computer Application Technology]