Authors: He Xi (贺喜)[1,2], Jiang Jianchun (蒋建春)[1], Ding Liping (丁丽萍)[1], Wang Yongji (王永吉)[1], Liao Xiaofeng (廖晓峰)[1,2]
Affiliations: [1] National Engineering Research Center of Fundamental Software, Institute of Software, Chinese Academy of Sciences, Beijing 100190; [2] Graduate University of Chinese Academy of Sciences, Beijing 100190
Source: Computer Applications and Software (《计算机应用与软件》), 2012, No. 8, pp. 1-4, 24 (5 pages)
Funding: Major Program of the National Natural Science Foundation of China (91124001); "Core Electronic Devices, High-end Generic Chips and Basic Software" Major Special Project for Basic Software (2010ZX01036-001-002); Important Direction Project of the Knowledge Innovation Program of the Chinese Academy of Sciences (KGCX2-YW-125)
Abstract: Intrusion detection based on system call sequences is a security detection technique that analyses host system call data in order to find intrusions. Its key problem is how to extract the characteristics of system call sequences more accurately and then classify them. To this end, the LDA (Latent Dirichlet Allocation) text mining model is introduced to build a new intrusion detection classification algorithm. The method treats each short sequence of system calls as a word and uses the LDA model to extract the topic characteristics of a process's system call sequence. Combined with the frequency characteristics of the system calls, the kNN (k-Nearest Neighbor) classification algorithm is then used for anomaly detection. Experiments on the 1998 DARPA data set show that the method improves the accuracy of intrusion detection and reduces the false alarm rate.
Classification number: TP393.08 [Automation and Computer Technology: Computer Application Technology]