
A Two-Layer Markov Chain Anomaly Intrusion Detection Model (paper in English)  Cited by: 7

A Two-Layer Markov Chain Anomaly Detection Model
Abstract: Building on the existing single-layer Markov chain anomaly detection model, this paper proposes a new two-layer model. Two processes of distinctly different nature, the sequence of different requests and the system call sequence within a single request section, are separated into two layers and handled by different Markov chains. The two-layer structure depicts the dynamic behaviour of the protected service process more precisely than the single-layer structure, so the two-layer detection model can substantially raise the detection rate and lower the false alarm rate. Furthermore, a detected anomaly is confined to the request section in which it actually occurs. The model is suitable for anomaly intrusion detection of privileged processes, especially request-response privileged processes.
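The two-layer structure the abstract describes, as an added illustration that is not the paper's code: layer 1 is a Markov chain over the sequence of request types a service handles, layer 2 is one Markov chain per request type over the system calls issued inside that request, and an alert from layer 2 is reported with the index of the request section it belongs to. The additive smoothing constant, the mean negative log-probability scoring, the two thresholds and the constructed traces are all assumptions made for this example; the paper's own scoring rule and parameters are not given on this page.

```python
# Illustrative two-layer Markov chain anomaly detector (added example, not the paper's code).
# Layer 1 models the order of request types; layer 2 models the system-call sequence inside
# each request, one chain per request type. Smoothing, thresholds and traces are assumptions.
from collections import defaultdict
import math

START, END = "<s>", "</s>"


class MarkovChain:
    """First-order Markov chain with additive smoothing, scored by mean surprise."""

    def __init__(self, smoothing=1e-3):
        self.counts = defaultdict(lambda: defaultdict(int))
        self.states = set()
        self.smoothing = smoothing

    def train(self, sequence):
        seq = [START, *sequence, END]
        self.states.update(seq)
        for a, b in zip(seq, seq[1:]):
            self.counts[a][b] += 1

    def prob(self, a, b):
        row = self.counts.get(a, {})
        total = sum(row.values())
        n = max(len(self.states), 1)
        # Additive smoothing keeps never-seen transitions at a small, non-zero probability
        return (row.get(b, 0) + self.smoothing) / (total + self.smoothing * n)

    def score(self, sequence):
        """Mean negative log-probability per transition: higher means more unusual."""
        seq = [START, *sequence, END]
        nll = [-math.log(self.prob(a, b)) for a, b in zip(seq, seq[1:])]
        return sum(nll) / len(nll)


class TwoLayerDetector:
    def __init__(self, request_threshold=2.0, syscall_threshold=1.0):
        self.request_chain = MarkovChain()   # layer 1: request-type sequence
        self.syscall_chains = {}             # layer 2: request type -> syscall chain
        self.request_threshold = request_threshold
        self.syscall_threshold = syscall_threshold

    def train(self, sessions):
        """sessions: list of sessions; a session is a list of (request_type, syscalls)."""
        for session in sessions:
            self.request_chain.train([req for req, _ in session])
            for req, calls in session:
                self.syscall_chains.setdefault(req, MarkovChain()).train(calls)

    def detect(self, session):
        """Return (layer, request_index, score) alerts; request_index is None for layer 1."""
        alerts = []
        req_score = self.request_chain.score([req for req, _ in session])
        if req_score > self.request_threshold:
            alerts.append(("request", None, req_score))
        for idx, (req, calls) in enumerate(session):
            chain = self.syscall_chains.get(req)
            # A request type never seen in training has no layer-2 model: maximal surprise
            call_score = chain.score(calls) if chain else math.inf
            if call_score > self.syscall_threshold:
                alerts.append(("syscall", idx, call_score))   # localized to its request
        return alerts


# Constructed traces of a hypothetical request-response daemon (not real captures)
NORMAL_GET = ["socket_read", "open", "fstat", "read", "socket_write", "close"]
NORMAL_POST = ["socket_read", "open", "write", "fsync", "close", "socket_write"]
TRAINING_SESSIONS = [
    [("GET", NORMAL_GET), ("GET", NORMAL_GET), ("POST", NORMAL_POST)],
    [("GET", NORMAL_GET), ("POST", NORMAL_POST), ("GET", NORMAL_GET)],
    [("POST", NORMAL_POST), ("GET", NORMAL_GET), ("GET", NORMAL_GET)],
] * 5
NORMAL_SESSION = [("GET", NORMAL_GET), ("GET", NORMAL_GET), ("POST", NORMAL_POST)]
# Second GET issues calls the GET profile never contained: flagged by layer 2 at index 1
SYSCALL_ANOMALY_SESSION = [
    ("GET", NORMAL_GET),
    ("GET", ["socket_read", "execve", "dup2", "dup2", "socket_write", "close"]),
    ("POST", NORMAL_POST),
]
# Every request is individually normal, but the request order was never seen: layer 1 flags it
REQUEST_ANOMALY_SESSION = [("POST", NORMAL_POST)] * 4


def train_detector():
    det = TwoLayerDetector()
    det.train(TRAINING_SESSIONS)
    return det


if __name__ == "__main__":
    det = train_detector()
    for name, sess in [("normal", NORMAL_SESSION),
                       ("syscall anomaly", SYSCALL_ANOMALY_SESSION),
                       ("request anomaly", REQUEST_ANOMALY_SESSION)]:
        print(name, det.detect(sess))
```

Because layer 2 keeps a separate chain per request type, a call sequence that is ordinary inside a POST is not mistaken for normal inside a GET, and because the alert carries the request index, the analyst is pointed at the one request section in which the deviation occurred rather than at the whole trace.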
Source: Journal of Software (软件学报), indexed in EI and CSCD, Peking University core journal, 2005, Issue 2, pp. 276-285 (10 pages)
Funding: National High Technology Research and Development Program of China (863 Program); Zhejiang Provincial Natural Science Foundation; Zhejiang Provincial Department of Education research project
Keywords: Markov chain; system call; request; anomaly detection; intrusion detection