| 一种基于图的异常入侵检测新算法 |
| |
| 引用本文: | 朱莺嘤,叶茂,刘乃琦,吴康,郑凯元.一种基于图的异常入侵检测新算法[J].计算机科学,2008,35(11):78-82. |
| |
| 作者姓名: | 朱莺嘤 叶茂 刘乃琦 吴康 郑凯元 |
| |
| 作者单位: | 1. 电子科技大学计算机科学与工程学院,成都,610054
2. 南京科瑞达电子装备有限公司,南京,211100 |
| |
| 基金项目: | 国家自然科学基金(60702071); 四川省科技厅应用基础研究基金:数字免疫网络研究(2006J13~065); 教育部新世纪优秀人才支持计划(NCET-06-0811) |
| |
| 摘 要: | 根据主机系统异常入侵过程中Windows native API序列的瞬时高频性,提出一种基于图的异常入侵检测算法。该算法首先将每个Native API映射成为图中的一个点,并以其为起点的子序列作为该点的路径、Native API的前后调用关系为边;其次,对图中每个点记录各自的路径,在这些点的路径中找到若干个圈,圈定义为因对同一个Native API重复调用而在图中出现的回路;然后,对组成圈的所有边权值根据一定规则更新;最后利用图的边与其邻边权值差计算出异常指数,判断该序列是否异常。实验结果表明该算法在Windows平台下能实时有效地检测出异常入侵和病毒的Native API序列。
|
| 关 键 词: | 异常入侵检测 Windows Native API 图 |
Novel Intrusion Detection Algorithm Based on Graph |
| |
| ZHU Ying-ying,YE Mao,LIU Nai-qi,WU Kang,ZHENG Kai-yuan.Novel Intrusion Detection Algorithm Based on Graph[J].Computer Science,2008,35(11):78-82. |
| |
| Authors: | ZHU Ying-ying YE Mao LIU Nai-qi WU Kang ZHENG Kai-yuan |
| |
| Abstract: | Because of the high instantaneous frequency of the intrusion windows native API sequence,a novel method based on graph theory was proposed to solve the problem of the host-based intrusion detection.In our algorithm,each native API is considered as a node in the graph and the transfer of two native API is the edge between these two nodes.The route for a node is defined as the subsequence beginning from itself.The repetition of the same native API in the graph is referred to as a loop.The route of each node i... |
| |
| Keywords: | Intrusion detection Windows native API Graph |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机科学》浏览原始摘要信息 |
|
点击此处可从《计算机科学》下载全文 |
