
Anomaly Detection for System Call Sequences Based on HMM
Abstract An HMM is used to decide whether a short sequence of system calls is "abnormal" or "normal". Whether a process is an intrusion is then judged from the percentage of abnormal short sequences among all short sequences of that process. When an intrusion actually occurs, it generates a large number of abnormal system calls, and as a result the neighboring system calls will not match the normal sequences. Based on this observation, we further improve the HMM-based anomaly detection method for intrusion detection systems. We demonstrate that the improved method is more sensitive to anomalies and has a lower false positive rate.
Authors 杜静 陈媛媛
Source Journal of Taiyuan University of Science and Technology (《太原科技大学学报》), 2008, No. 1, pp. 16-19 (4 pages)
Funding Taiyuan University of Science and Technology Youth Fund Project (2007123)
Keywords intrusion detection; system calls; hidden Markov models; region
