检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
机构地区:[1]北京信息科技大学信息管理学院,北京100192
出 处:《计算机应用与软件》2015年第4期309-313,共5页Computer Applications and Software
基 金:十二五国家科技支撑计划项目(2012BA H08B02)
摘 要:深入研究系统调用异常检测方法存在的不足,针对单纯依据序列或系统调用频率不能完整表示进程行为等问题,提出以研究系统调用的先后顺序以及系统调用之间的稳定性作为重要特征,提取系统调用特征向量,利用机器学习分类算法实现异常检测的新方法。提出的异常检测方法具有模型体积小、特征明确、报警准确率高等优点。静态数据测试结果表明利用系统调用时间特征描述进程行为是可行的;实时环境实验结果表明系统在真实环境下占用资源少、不影响程序及网络本身的运行效率,同时用户击键特征识别实验结果表明了时间特征对行为检测的有效性。By thorough studying the shortages in abnormal behaviour detection methods using system calls,and aiming at the problem that the progress behaviours cannot be fully expressed simply according to the sequence or system calling frequency,we propose a novel method, which takes studying the order of system calls and the stability between system calls as the important character,extracts the eigenvector of system calls,and uses machine learning classification algorithm to implement anomaly detection.The presented method has the advantages of small model size,explicit features,and highly accurate alert rate.Test results on static data show that it is feasible to describe the process behaviours by system call time features;experimental results in practical environment demonstrate that in real environment the system consumes few resources and does not affect the operation efficiency of the program and the network themselves,meanwhile the experimental result of users keystroke feature expresses the effectiveness of the time feature on behaviour detection.
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.15