Computer Science (计算机科学) ›› 2013, Vol. 40 ›› Issue (Z6): 330-333.
张莉萍,雷大江,曾宪华
ZHANG Li-ping,LEI Da-jiang and ZENG Xian-hua
Abstract: Anomaly-based intrusion detection methods built on system calls struggle to extract a feature library from normal system-call sequences. To address this, the frequency statistics of the subsequences extracted from normal system-call sequences are converted into frequency feature vectors, which serve as both the local and the global features of a sequence. To preserve detection accuracy and speed on large-scale data sets, a one-class support vector machine (SVM) classifier is trained on the previously built feature library to produce the intrusion-detection classification model, which is then applied to the sequences under test to detect anomalies. Comparative experiments against existing anomaly intrusion detection methods on several real data sets show that the proposed method outperforms them on multiple anomaly-detection metrics.
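The pipeline the abstract describes (subsequence frequency features extracted from normal system-call traces, a feature library built from them, and a one-class model trained on those vectors), as an added example that is not the paper's code. The traces are constructed, the n-gram length and window size are assumptions, and a centroid-plus-radius hypersphere (a hard-margin simplification of SVDD) stands in for the one-class SVM because no ML library is assumed to be available; with scikit-learn installed, `sklearn.svm.OneClassSVM` could be fitted on the same vectors.

```python
"""System-call anomaly detection from n-gram frequency feature vectors.

Added example, not the paper's code. The traces are constructed, the
n-gram length and window size are assumptions, and a centroid-based
hypersphere stands in for the one-class SVM described in the abstract.
"""
from collections import Counter
import math

# Constructed normal traces (syscall names; the UNM data uses numeric ids).
NORMAL_TRACES = [
    ["open", "read", "read", "close", "open", "read", "close"],
    ["open", "read", "close", "open", "read", "read", "read", "close"],
    ["open", "read", "close"],
    ["open", "read", "read", "close", "open", "read", "read", "close"],
]
# Constructed anomalous trace: process spawning in the middle of file reads.
ATTACK_TRACE = ["open", "read", "execve", "fork", "execve", "read", "close"]


def ngrams(trace, n):
    """All length-n subsequences of the trace, in order."""
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]


def build_vocabulary(traces, n):
    """Feature library: every n-gram seen in the normal traces, in a fixed order."""
    seen = sorted({g for t in traces for g in ngrams(t, n)})
    return {g: i for i, g in enumerate(seen)}


def frequency_vector(seq, vocab, n):
    """Relative frequency of each library n-gram in seq, plus one trailing
    coordinate holding the share of n-grams that are absent from the library
    (otherwise never-seen subsequences would be invisible to the model)."""
    counts = Counter(ngrams(seq, n))
    total = max(sum(counts.values()), 1)
    vec = [0.0] * (len(vocab) + 1)
    for g, c in counts.items():
        if g in vocab:
            vec[vocab[g]] = c / total
        else:
            vec[-1] += c / total
    return vec


def feature_vectors(trace, vocab, n, window):
    """Local features: one vector per sliding window over the trace.
    Global feature: one vector over the whole trace. Both are returned;
    a trace no longer than the window yields just its global vector."""
    glob = frequency_vector(trace, vocab, n)
    if len(trace) <= window:
        return [glob]
    local = [frequency_vector(trace[i:i + window], vocab, n)
             for i in range(len(trace) - window + 1)]
    return local + [glob]


def _dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


class CentroidOneClass:
    """Hard-margin hypersphere around the normal vectors: centre is the mean,
    radius is the largest training distance times (1 + margin). This is a
    stand-in for the one-class SVM / SVDD, not an implementation of it."""

    def __init__(self, margin=0.1):
        self.margin = margin
        self.center = None
        self.radius = 0.0

    def fit(self, vectors):
        dim = len(vectors[0])
        self.center = [sum(v[i] for v in vectors) / len(vectors) for i in range(dim)]
        self.radius = max(_dist(v, self.center) for v in vectors) * (1 + self.margin)
        return self

    def score(self, vector):
        """Anomaly score: > 1.0 means the vector lies outside the sphere."""
        return _dist(vector, self.center) / self.radius


def train(traces, n=2, window=4):
    """Build the feature library from normal traces and fit the one-class model."""
    vocab = build_vocabulary(traces, n)
    vectors = [v for t in traces for v in feature_vectors(t, vocab, n, window)]
    return vocab, CentroidOneClass().fit(vectors)


def anomaly_score(trace, vocab, model, n=2, window=4):
    """Worst-case score over the trace's local and global vectors."""
    return max(model.score(v) for v in feature_vectors(trace, vocab, n, window))


def is_anomalous(trace, vocab, model, n=2, window=4):
    return anomaly_score(trace, vocab, model, n, window) > 1.0


if __name__ == "__main__":
    vocab, model = train(NORMAL_TRACES)
    for t in (ATTACK_TRACE, ["open", "read", "close", "open", "read", "close"]):
        print(f"{' '.join(t):45s} score={anomaly_score(t, vocab, model):.2f} "
              f"anomalous={is_anomalous(t, vocab, model)}")
```

The extra "unknown n-gram" coordinate is what makes a trace containing subsequences never seen in training land far from the normal cluster; without it, a trace made entirely of unknown windows would map to the zero vector and be scored only by its distance from the centroid, not by the fact that nothing in it was ever observed.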