| 异常检测中正常行为规则性的度量 |
| |
| 引用本文: | 潘峰,蒋俊杰,汪为农. 异常检测中正常行为规则性的度量[J]. 计算机研究与发展, 2005, 42(8): 1415-1421 |
| |
| 作者姓名: | 潘峰 蒋俊杰 汪为农 |
| |
| 作者单位: | 上海交通大学计算机科学与工程系,上海,200030;上海交通大学计算机科学与工程系,上海,200030;上海交通大学计算机科学与工程系,上海,200030 |
| |
| 基金项目: | 国家自然科学基金项目(60073074) |
| |
| 摘 要: | 异常检测是防范新型攻击的基本手段,正常行为的规则性是影响检测能力的基本因素.在使用信息熵作为分析工具的基础上,提出了一种度量异常检测中正常行为规则程度的方法,并将这种方法用于对两个异常检测实例的分析,从理论上分析了如何改造特征以获得更多的规则性信息.在此理论的基础上,针对不同的数据类型提出了两种新的异常检测算法.
|
| 关 键 词: | 入侵检测 异常检测 熵 反向选择 |
| 收稿时间: | 2003-05-12 |
| 修稿时间: | 2003-05-12 |
An Entropy-Based Method to Measure the Regularity of Normal Behaviors in Anomaly Detection |
| |
| Pan Feng,Jiang Junjie,Wang Weinong. An Entropy-Based Method to Measure the Regularity of Normal Behaviors in Anomaly Detection[J]. Journal of Computer Research and Development, 2005, 42(8): 1415-1421 |
| |
| Authors: | Pan Feng Jiang Junjie Wang Weinong |
| |
| Abstract: | Anomaly detection is an essential component of the protection mechanisms against novel attacks.In this paper, an entropy-based method to measure the regularity of normal behaviors in anomaly detection is proposed.This measure is defined as the ratio of normal behavior's entropy to totally random behavior's entropy.Two case studies on Unix system call data and network tcpdump data are used to illustrate the utilities of this measure.A new algorithm is advanced to detect network intrusions using sequences of system calls, and it can realize anomaly detection over noisy data.At the same time, a new immune algorithm: multi-level negative selection algorithm is developed and applied to anomaly detection, compared with Forrest's negative selection algorithm.It enhances detector generation efficiency in essence. |
| |
| Keywords: | intrusion detection anomaly detection entropy negative selection |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
