| 基于数据取值规则的入侵检测技术 |
| |
| 引用本文: | 游大涛,周清雷,董西广.基于数据取值规则的入侵检测技术[J].微电子学与计算机,2008,25(11). |
| |
| 作者姓名: | 游大涛 周清雷 董西广 |
| |
| 作者单位: | 郑州大学,信息工程学院,河南,郑州,450052 |
| |
| 摘 要: | 目前的入侵检测系统往往利用系统调用序列来设计,而忽略了系统调用序列所运行的数据环境,因此无法应对那些不改变系统调用序列的新型攻击.提出了一种新的入侵检测模型,它结合系统调用序列及其运行的数据环境来进行检测,通过学习系统调用序列的数据取值规则,增强模型的检测能力.实验结果表明,与现有模型相比,该方法具有检测效率高、误警率低及训练阶段时空开销小的优点.
|
| 关 键 词: | 系统调用 取值规则 异常入侵检测 |
Intrusion Detection Based on Value Rule |
| |
| YOU Da-tao,ZHOU Qing-lei,DONG Xi-guang.Intrusion Detection Based on Value Rule[J].Microelectronics & Computer,2008,25(11). |
| |
| Authors: | YOU Da-tao ZHOU Qing-lei DONG Xi-guang |
| |
| Abstract: | Now the intrusion detection models are usually designed in terms of system call sequence,but not their arguments.This kind of detection model can not effectively deal with new attacks which do not change the system call sequence.To address the problem,this paper supposes a new approach which combines the system calls with their temporal arguments.This approach can strengthen the ability of detection against some new attacks by learning the value-rule of the arguments between system calls.The experiment results illustrate that compared with existent intrusion detection models this approach is more effective,has lower positive warning rate and less time and space consuming within the training phrase. |
| |
| Keywords: | system call value rule abnormal intrusion detection |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
