基于多BP神经网络的内存组合特征分类方法

针对内存数据在攻击行为发生后会发生改变,而传统完整性度量系统使用的基准值度量存在检测率低、灵活性不足等问题的现象,提出一种基于多反向传播(BP)神经网络的内存组合特征分类方法.首先,将内存数据通过度量对象提取算法(MOEA)提取特征值;然后,分别使用不同的BP神经网络进行模型训练;最后,再通过一个BP神经网络对所得数据...

Memory combined feature classification method based on multiple BP neural networks

The memory data will change after occurring the attack behaviors， and benchmark measurement used by the traditional integrity measurement system has the problems of low detection rate and lack of flexibility. Aiming at the above problems， a memory combined feature classification method based on multiple Back Propagation （BP） neural networks was proposed. Firstly， the feature value of the memory data was extracted by Measuring Object Extraction Algorithm （MOEA）. Then， the model was trained by different BP neural networks. Finally， a BP neural network was used to collect the obtained data and calculate the safety status score of the operating system. Experimental results show that compared with the traditional integrity measurement system using benchmark measurement， the proposed method has much higher accuracy and universality， and the proposed method has a detection accuracy of 98.25%， which is higher than those of Convolutional Neural Network （CNN）， K-Nearest Neighbor （KNN） algorithm and single BP neural network， verifying the proposed method can detect attack behaviors more accurately. The proposed method has the model training time about 1/3 of the traditional single BP neural network， and also has the model training speed improved compared with similar models.