Anomaly Detection of User Behavior Based on Shell Commands and Homogeneous Markov Chains  Cited by: 12


Authors: TIAN Xinguang, DUAN Miyi, LI Wenfa, SUN Chunlai

Affiliations: [1] Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100080, China; [2] Institute of Computing Technology, Beijing Jiaotong University, Beijing 100044, China

Source: Chinese Journal of Electronics (English edition of 电子学报), 2008, Issue 2, pp. 231-236 (6 pages)

Abstract: Behavior-based intrusion detection is currently an active research topic in the field of network security. This paper proposes a novel method for anomaly detection of user behavior, which is applicable to host-based intrusion detection systems using shell commands as audit data. The method employs a first-order homogeneous Markov chain model to characterize the normal behavior profile of a network user, and associates the states of the Markov chain with specific shell commands in the training data. The parameters of the Markov chain are estimated by a command matching algorithm which is computationally efficient. At the detection stage, the occurrence probabilities of the state sequences are first computed, and then two alternative schemes can be used to distinguish between normal and anomalous behavior. The method gives attention to both computational efficiency and detection accuracy, and is especially suitable for online detection. Our study empirically demonstrated the promising performance of the method.

Keywords: Intrusion detection; Anomaly detection; Shell command; Markov chain

Classification code: TP39 [Automation and Computer Technology: Computer Application Technology]

 
