摘要
文章在简单介绍了入侵检测技术之后,在前人工作的基础上提出了一种在异常检测中用神经网络构建程序行为的特征轮廓的思想。文中给出了神经网络算法的选择和应用神经网络的两种网络设计方案,并对它们进行了比较。实验表明在异常检测中用神经网络构建程序行为的特征轮廓,能够大大提高检测系统对偶然事件和入侵变异的自适应性,特别是带有反馈的回归神经网络能更充分地利用数据信息,在保持系统的虚警率不变的情况下使检测率也有所提高。
After giving a brief introduction of Intrusion Detection,this paper represents a method of using Neural Net-works in anomaly detection to analyze the short sequences of system calls.The choice of algorithms used in Neural Net-works is suggested and also two kinds of network design and their comparison are given in the paper.Experiments show that use NNet in Anomaly Detection to profile program behaviors can greatly improve the system's adaptability to new events and variance of intrusions.And using the Recurrent Neural Network with a feedback is especially better since it can improve the detection rate without increasing the false positives.
出处
《计算机工程与应用》
CSCD
北大核心
2002年第18期146-148,共3页
Computer Engineering and Applications
基金
国家863应急项目信息安全技术(项目号:301-6-6)
"十五"计划子课题:入侵检测预警和安全管理技术(编号:863-104-02)
