计算机科学 ›› 2013, Vol. 40 ›› Issue (Z6): 337-339.
陈利,张利,姚轶崭,胡卫华
CHEN Li,ZHANG Li,YAO Yi-zhan and HU Wei-hua
摘要: 传统指纹识别方法在检测新型未知木马时漏报率较高。为此,提出基于时序分析的无指纹木马控制行为识别方法。该方法先对数据流进行时序分簇处理,再计算分簇数据的加权欧氏距离,通过分簇数据的时序关系来识别木马控制行为。实验表明,该方法无需特征指纹库,且检测准确率高,占用资源少,能实现实时检测和处理。
| [1] Zhang Li-ke,White G B.An Approach to Detect Executable Content for Anomaly Based Network Intrusion Detection[C]∥Proc.of Parallel and Distributed Processing Sysmposium.Long Beach,USA:[s.n],2007:1-8 [2] 井小沛,汪厚详,聂凯,等.面向入侵检测的基于IMGA和MKSVM的特征选择算法[J].计算机科学,2012,39(7):262-264 [3] Nie Fei-ping,Xiang Shi-ming,Jia Yang-qing,et al.Trace Ratio Criterion for Feature Selection[C]∥Proceedings of National Conference on Artificial Intelligence.Chicago,USA:[s.n],2008:672-675 [4] Wang Sui-yu,Baird H S.Feature Selection Focused Within Error Clusters[C]∥Proceedings of the 19th IEEE ICPR’08.[s.1]:IEEE Press,2008:1-4 [5] 易军凯,陈利,孙建伟.网络心跳包序列的数据流分簇检测方法[J].计算机工程,2011,37(24):201-524 [6] Nehinbe J O.Automated technique for debugging network intrusion detection systems[A]∥IEEE 2010International Confe-rence on Intelligent Systems,Modelling and Simulation(ISMS) [C].Liverpool,2010:363-367 [7] Wuu L C,Hung C H,CHEN S F.Building intrusion pattern miner for Snort network intrusion detection system[J].Journal of Systems and Software,2007,80(10):1701-1714 [8] 郭文忠,陈国龙,陈庆良,等.基于粒子群优化算法和相关性分析的特征子集选择[J].计算机科学,2008,35(2):113-147 [9] 陈友,沈华伟,李洋.一种高效的面向入侵检测系统的特征选择算法[J].计算机学报,2007,30(8):1395-1407 [10] 陈友,程学旗,李洋,等.基于特征选择的轻量级入侵检测系统[J].软件学报,2007,18(7):1639-1650 |
| No related articles found! |
|
||
首页