检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
机构地区:[1]哈尔滨工业大学计算机科学与技术学院,哈尔滨150001
出 处:《智能计算机与应用》2014年第4期13-16,共4页Intelligent Computer and Applications
基 金:国家重点基础研究发展计划(973)(2011CB302605);国家科技支撑计划(2012BAH37B01)
摘 要:系统调用是操作系统和用户程序的接口,任何程序必须通过系统调用才能执行。近年来,网络安全事件频发,基于系统调用序列分析的入侵检测方法成为了网络安全研究的热点技术之一。本文提出了基于枚举序列、隐马尔科夫两种方法建立系统行为的层次化模型,不同于传统意义上的单层次模型。在新墨西哥大学提供的实验数据上,本方法在检测程序异常行为的准确度和响应时间方面都得到了很好的效果,表明该方法更适合基于主机入侵的在线检测方法。System calls are the interface between operating system and user programs. Execution of each program must use some system calls. In recent years, network security incidents occur frequently, intrusion detection method based on the system call sequence analysis has become one of the hot network security technology researches. This paper presents a multi - layer model of program behaviours based on both hidden Markov models and enumerating methods, which differs from the conventional single layer approach. On experimental data provided by the University of New Mexico, experimental results have shown that the model is better in detecting anomalous behaviour of programs in terms of accuracy and response time, which indicates that this method is suitable for online host -based intrusion detection systems.
分 类 号:TP393[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.70