摘要
为了克服入侵检测系统存在着在先验知识较少情况的推广能力差的问题,提出了基于粗糙集理论的入侵检测方法。利用粗糙理论,建立了系统调用短序列的检测模型并应用于sendmail调用序列检测。实验结果表明:它不需要全部的正常和异常的信息,在给出较少的正常和异常调用序列数据的情况下,能得到较为理想的检测效果。
An intrusion detection method based on rough set is proposed in order to overcome poor generalizing ability of current intrusion detection system in the case of less prior knowledge. According to rough set a detection model is built based on short call sequence and used to detec call sequences of sendmail program.The experimental proves that better detecting result can be obtained while less normal and abnormal information is needed.
出处
《电子科技大学学报》
EI
CAS
CSCD
北大核心
2006年第1期108-110,136,共4页
Journal of University of Electronic Science and Technology of China
关键词
粗糙集
入侵检测
网络安全
系统调用序列
rough set
intrusion detection
network security
system call sequence
