计算机科学 (Computer Science) ›› 2010, Vol. 37 ›› Issue (3): 86-90.

• Computer Networks and Information Security •

Research on Program Behavior Model and Anomaly Detection Based on Multi-layer Abstraction

CHENG Xia, WANG Xiao-feng

  1. (School of Economics and Management, Sichuan Normal University, Chengdu 610068); (Business School, Nankai University, Tianjin 300071); (Huawei Symantec Technologies Co., Ltd., Beijing 100085)
  • Online: 2018-12-01 Published: 2018-12-01
  • Funding:
    This work was supported by the National Natural Science Foundation of China (70471040) and the National Defense Research Foundation (4131605).

Research on Program Behavior Model and Anomaly Detection Based on Multiple Abstraction

CHENG Xia, WANG Xiao-feng

  • Online: 2018-12-01 Published: 2018-12-01

Abstract: In the field of intrusion detection, anomaly analysis of program behavior has long lacked an efficient short-sequence model, and the ability of existing models to abstract program behavior is very limited. To address this, a new pattern with full self-descriptive capability is first proposed: the gapped variable-length frequent short sequence pattern (GV pattern), which covers the three basic structures used to describe program behavior: sequence, selection and loop. A GV pattern mining algorithm and a system-call flow chart model built on the GV pattern library are then given. Experiments show that the anomaly detection algorithm based on the new model is simple and efficient: it keeps detection overhead and the false positive rate low while maintaining a high detection rate, and is therefore capable of real-time detection.

Keywords: Anomaly detection, Short sequence model, Behavior analysis, Pattern matching, Data mining

Abstract: Efficient short sequence models for the anomaly analysis of program behavior are not available in the anomaly detection field, and the current models are weak at abstracting program behavior. Therefore, a new, highly self-explanatory pattern called the GV pattern (gapped variable-length frequent pattern) is proposed to cover the three fundamental structures of a program: sequence, selection and loop. Subsequently, a GV pattern mining algorithm and a system-call flow chart model based on the GV pattern library are presented in detail. Experiments show that the anomaly detection algorithm based on the new model keeps detection overhead and the false positive rate low while maintaining a high detection rate, which is crucial for a real-time intrusion detection system.

Key words: Anomaly detection, Short sequence model, Behavior analysis, Pattern matching, Data mining
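The abstract's core idea, a library of gapped frequent short sequences mined from normal system-call traces and then used to score new traces, reduced to a toy in Python. This is an added illustration and not the paper's code: the mining step, the greedy matcher, the coverage score and the threshold are simplifications of my own, the paper's GV mining algorithm and flow-chart model are not on this page, and the traces are constructed.

```python
from collections import Counter
from itertools import combinations

def mine_gv_patterns(traces, k=3, max_gap=1, min_support=2):
    """Frequent k-call patterns: consecutive elements may be separated by up to
    max_gap unrelated calls (a skipped branch or loop body). Support is counted
    once per trace; patterns seen in >= min_support traces form the library."""
    support = Counter()
    span = k + (k - 1) * max_gap            # longest stretch one pattern can occupy
    for trace in traces:
        found = set()
        for start in range(len(trace) - k + 1):
            window = trace[start:start + span]
            for rest in combinations(range(1, len(window)), k - 1):
                idx = (0,) + rest           # anchor at window start: no duplicates
                if all(b - a - 1 <= max_gap for a, b in zip(idx, idx[1:])):
                    found.add(tuple(window[i] for i in idx))
        support.update(found)
    return {p for p, n in support.items() if n >= min_support}

def match_at(trace, pos, pattern, max_gap):
    """Greedy gapped match of pattern anchored at trace[pos]; returns the matched
    positions or None. Greedy: takes the nearest occurrence of each next call."""
    if trace[pos] != pattern[0]:
        return None
    used, cur = [pos], pos
    for call in pattern[1:]:
        nxt = next((j for j in range(cur + 1, min(len(trace), cur + max_gap + 2))
                    if trace[j] == call), None)
        if nxt is None:
            return None
        used.append(nxt)
        cur = nxt
    return used

def coverage(trace, patterns, max_gap=1):
    """Fraction of trace positions explained by at least one library pattern."""
    covered = set()
    for pos in range(len(trace)):
        for p in patterns:
            hit = match_at(trace, pos, p, max_gap)
            if hit:
                covered.update(hit)
    return len(covered) / len(trace) if trace else 1.0

def is_anomalous(trace, patterns, max_gap=1, threshold=0.6):
    """Low coverage means the trace is mostly unexplained by normal behavior."""
    return coverage(trace, patterns, max_gap) < threshold

# Constructed toy traces of a file-copy style program (not real data).
NORMAL = [["open", "read", "write", "close"],
          ["open", "read", "read", "write", "close"],
          ["open", "stat", "read", "write", "close"]]
LIBRARY = mine_gv_patterns(NORMAL)      # three patterns survive min_support=2
```

The variable gap is what lets one pattern absorb both the single-read and the double-read traces; a trace with an unexpected call in the middle of the pattern span loses coverage and is flagged.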
