Research on Detection Method of User Abnormal Operation Based on Linux Shell Commands (cited by: 4)


Authors: WU Chi, SHUAI Junlan, LONG Tao, YU Junqing (Network and Computation Center, Huazhong University of Science and Technology, Wuhan 430074, China)

Affiliation: [1] Network and Computation Center, Huazhong University of Science and Technology, Wuhan 430074

Source: Netinfo Security (信息网络安全), 2021, No. 5, pp. 31-38 (8 pages)

Funding: National Key R&D Program of China [2017YFB0801703]; CERNET Next Generation Internet Technology Innovation Project [NGII20170408].

Abstract: To meet the security requirements of data centers, this paper studies and designs two abnormal-operation detection methods, one rule-based and one based on command sequences, and on that basis implements an abnormal-operation detection system for Linux Shell commands. The rule-based method designs a rule-base matching algorithm to check the Shell commands executed by monitored users. The command-sequence method takes the historical command sequences of legitimate users as the training set to build a user behaviour feature library, and then applies an abnormal-command-sequence detection algorithm to decide whether a monitored user's operations are abnormal. Experimental results show that, in a university data center environment, the rule-based method has high detection efficiency and the command-sequence method has high detection accuracy, so together they meet the data center's need to detect abnormal Shell command execution by users.
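As an added illustration, not code from the paper (whose rule base and feature-library construction are not reproduced here), the following Python sketch implements the two methods the abstract describes: a rule-base match over single commands and a command-sequence profile built from a legitimate user's history. The rules, the training history and both monitored sessions are constructed for the example.

```python
import re
from collections import Counter

# Rule base (constructed for this example): patterns for commands that the
# monitored hosts' policy forbids, each with a label for the alert.
RULES = [
    (re.compile(r"^\s*rm\s+-rf\s+/(\s|$)"), "recursive delete of root"),
    (re.compile(r"chmod\s+(-R\s+)?777\b"), "world-writable permissions"),
    (re.compile(r"^\s*history\s+-c\b"), "shell history cleared"),
]

# Legitimate user's history (constructed) used as the training set, plus two
# monitored sessions: one routine, one that should be flagged.
TRAINING = ["cd /srv/app", "ls -l", "vim config.yaml", "git status",
            "git commit -am wip", "make test", "ls -l", "tail -f app.log",
            "grep ERROR app.log", "cd /srv/app", "ls -l", "git pull",
            "make test", "tail -f app.log"]
NORMAL_SESSION = ["cd /srv/app", "ls -l", "git pull", "make test", "tail -f app.log"]
ABNORMAL_SESSION = ["cd /srv/app", "cat config.yaml", "chmod -R 777 /srv/app", "history -c"]

def match_rules(command):
    """Rule-based method: labels of every rule the single command matches."""
    return [label for pattern, label in RULES if pattern.search(command)]

def normalize(command):
    """Keep only the program name so sequences are compared by command verb."""
    parts = command.strip().split()
    return parts[0] if parts else ""

def build_profile(history):
    """Sequence method: behaviour feature library = counts of consecutive
    command-name pairs (bigrams) observed in the legitimate history."""
    names = [normalize(c) for c in history]
    return Counter(zip(names, names[1:]))

def sequence_score(profile, commands):
    """Fraction of bigrams in the monitored sequence absent from the profile."""
    names = [normalize(c) for c in commands]
    pairs = list(zip(names, names[1:]))
    if not pairs:
        return 0.0
    return sum(1 for p in pairs if profile[p] == 0) / len(pairs)

def detect(profile, commands, threshold=0.5):
    """Flag a session on any rule hit or on an unseen-bigram ratio >= threshold."""
    hits = [(c, label) for c in commands for label in match_rules(c)]
    score = sequence_score(profile, commands)
    return {"rule_hits": hits, "score": score, "abnormal": bool(hits) or score >= threshold}
```

The rule check fires per command and is cheap (the paper's "efficiency"), while the sequence score only fires once a whole session deviates from the profile (the paper's "accuracy"); the threshold is a tuning parameter, not a value from the paper.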

Keywords: Linux Shell; anomaly detection; rule base; command sequence

Classification: TP309 [Automation and Computer Technology / Computer System Architecture]
