基于频率特征向量的系统调用入侵检测方法

计算机科学 ›› 2013, Vol. 40 ›› Issue (Z6): 330-333.

基于频率特征向量的系统调用入侵检测方法

张莉萍,雷大江,曾宪华

重庆邮电大学移通学院计算机系重庆401520;重庆邮电大学计算机学院重庆400065;重庆邮电大学计算机学院重庆400065

出版日期:2018-11-16 发布日期:2018-11-16
基金资助:
本文受国家自然科学基金(61075019),重庆邮电大学移通学院青年教师基金(20110302)资助

System Calls Based Intrusion Detection Method with Frequency Feature Vector

ZHANG Li-ping,LEI Da-jiang and ZENG Xian-hua

Online:2018-11-16 Published:2018-11-16

摘要/Abstract

摘要： 针对基于系统调用的异常入侵检测方法中较难抽取正常系统调用序列的特征库问题,提出将正常系统调用序列抽取出的子序列的频率特征转换为频率特征向量,并以此作为系统调用序列的局部和全局特征；为了保证对大规模数据集检测的准确率和速度,采用一类分类支持向量机(SVM)分类器进行学习建模,利用先前建立的特征库进行训练,建立入侵检测分类模型,最后对于待检测序列进行异常检测。在多个真实数据集上与已有的异常入侵检测方法进行比较实验,结果表明本文提出的方法的多个异常检测指标都都优于已有方法。

关键词: 系统调用,入侵检测,特征向量,支持向量机

Abstract: In order to solve the problem of extracting feature library and detecting anomaly system calls slowly in intrusion detection methods,this paper proposed a novel two phrase intrusion detection method．In the first phrase,we extracted subsequences from normal system calls and calculated the frequency of the subsequences,and transformed the frequency feature into the frequency feature vector including continue numeric number．In order to improve the accuracy and speed of detecting anomaly system calls,the paper adopted one-class classification support vector machine(SVM) to build the detecting model,which uses the feature vector library to build the model．Finally,we conducted extensive experiment to evaluate the performance of our proposed method．The results show that our proposed method is superior to the existing methods in many evaluation metrics.

Key words: System calls,Intrusion detection,Frequency feature vector,Support vector machine

张莉萍,雷大江,曾宪华. 基于频率特征向量的系统调用入侵检测方法[J]. 计算机科学, 2013, 40(Z6): 330-333. https://doi.org/

ZHANG Li-ping,LEI Da-jiang and ZENG Xian-hua. System Calls Based Intrusion Detection Method with Frequency Feature Vector[J]. Computer Science, 2013, 40(Z6): 330-333. https://doi.org/

参考文献

[1] Axelsson S．The base-rate fallacy and the difficulty of intrusion detection [J]．ACM Transactions on Information and System Security,2000,3(3):186-205 (下转第339页)(上接第333页)
[2] Sundaram A．An Introduction to Intrusion Detection [J]．Crossroads,1996,2(4):3-7
[3] Forrest S,Hofmeyr S A,Somayaji A,et al．Sense of self forUnix processes [C]∥Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy．Oakland,CA,USA:IEEE Computer Society Press,1996:120-128
[4] 吴瀛,江建慧,张蕊．基于系统调用的入侵检测研究进展[J]．计算机科学,2011,38(1):20-25
[5] Forrest S,Hofmeyr S A,Somayaji A．Intrusion Detection Using Sequences of System Calls [J]．Journal of Computer Security,1998,6(3):151-180
[6] Liao Yi-hua,Vemuri V R．Use of K-nearest Neighbor Classifier for Intrusion Detection [J]．Networks and Security,2002,21(5):438-448
[7] Rawat S,Gulati V P,Arun K P,et al．Intrusion Detection Using Text Processing Techniques with a Binary-Weighted Cosine Metric [J]．Journal of Information Assurance and Security,2006,1(1):43-50
[8] Jecheva V,Nikolova E．An adaptive KNN algorithm for anomaly intrusion detection [C]∥Interaction of theory and practice:key problems and solutions．Burgas Bulgaria:Burgas Free University,2011:198-204
[9] 吕锋,刘泉永．利用KNN 算法实现基于系统调用的入侵检测技术[J]．微计算机信息,2006,22(93):76-78
[10] Forrest S,Warrender C,Pearlmutter B．Detecting IntrusionsUsing System Calls:Alternate Data Models[C]∥Proceedings of the 1999IEEE ISRSP． IEEE Computer Society,Washington,DC,USA,1999:133-145
[11] Tax D M J,Duin R P W．Support Vector Data Description[J]．Machine Learning,2004,54(1):45-66
[12] University of New Mexico．Computer Immune Systems Project．http://www.cs.unm.edu/~immsec /systemcalls.htm
[13] Budalakoti S,Srivastava A,Otey M．Anomaly detection and diagnosis algorithms for discrete symbol sequences with applications to airline safety [J]．IEEE Transactions on Systems,Man and Cybernetics(Part C:Applications and Reviews),2009,39(1):101-113
[14] Ramaswamy S,Rastogi R,Shim K．Efficient algorithms for mi-ning outliers from large data set[C]∥Proceedings of the ACM SIGMOD International Conference on Management of Data．Dallas,TX,United states:IEEE Computer Society Press,2000:427-438
[15] Thomas C,Sharma V,Balakrishnan N．Usefulness of DARPA dataset for intrusion detection system evaluation[C]∥Procee-dings of SPIE-The International Society for Optical Enginee-ring．Orlando,FL,United States:IEEE Computer Society Press,2000:220-237
[16] Cerioli A,Farcomeni A．Error rates for multivariate outlier detection [J]．Computational Statistics and Data Analysis,2011,55(1):544-553
[17] Fawcett T．An introduction to ROC analysis [J]．Pattern Recognition Letters,2006,27(8):861-874

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed