摘要
异常检测技术假设所有的入侵行为都会偏离正常行为模式.尝试寻找一种新的异常入侵检测模型改善准确性和效率.模型利用应用程序的系统调用序列,通过基因规划建立了正常行为模式.模型的一个例程管理一个进程.当它发现进程的实际系统调用序列模式偏离正常的行为模式时,会将进程设标记为入侵,并采取应急措施.还给出了基因规划的适应度计算方法以及两个生成下一代的基本算子.通过与现有一些模型的比较,该模型具有更好的准确性和更高的效率.
Anomaly Detection techniques assume all intrusive activities deviate from the norm. In this paper a new anomaly detection model is found to improve the veracity and efficiency. The proposed model inestablishes a normal activity profile of the systemcall sequences by using Genetic Programming. One instance of the model monitors one process. If the model finds the real systemcall sequences profile of the process deviating from the normal activity profile, it will flag the process as intrusive and take some actions to respond to it. And a new method of calculating the fitness and two operators to generate the next offspring are provided. According to the comparison with some of current models, the model is more veracious and more efficient.
出处
《软件学报》
EI
CSCD
北大核心
2003年第6期1120-1126,共7页
Journal of Software
基金
国家重点基础研究发展规划(973)
国家杰出青年基金~~
关键词
入侵检测
基因规划
异常检测
行为模式
intrusion detection
genetic programming
anomaly detection
