| 基于系统调用参数的入侵检测方法 |
| |
| 引用本文: | 黄国言,高健培,常旭亮.基于系统调用参数的入侵检测方法[J].计算机工程,2010,36(12):153-155. |
| |
| 作者姓名: | 黄国言 高健培 常旭亮 |
| |
| 作者单位: | 燕山大学信息科学与工程学院,秦皇岛,066004 |
| |
| 基金项目: | 河北省自然科学基金资助项目(F2009000477) |
| |
| 摘 要: | 基于系统调用序列的入侵检测系统没有考虑所有的系统调用特性,导致一些新型的攻击行为通过伪装能绕过基于系统调用序列的入侵检测系统的检测。针对上述攻击行为,提出一种基于系统调用参数的入侵检测系统模型。实验结果表明,该系统对伪装的系统调用有很高的检测率。
|
| 关 键 词: | 伪装攻击 系统调用参数 入侵检测系统 |
Intrusions Detection Method Based on Parameters of System Call |
| |
| HUANG Guo-yan,GAO Jian-pei,CHANG Xu-liang.Intrusions Detection Method Based on Parameters of System Call[J].Computer Engineering,2010,36(12):153-155. |
| |
| Authors: | HUANG Guo-yan GAO Jian-pei CHANG Xu-liang |
| |
| Affiliation: | (School of Information Science and Engineering, Yanshan University, Qinhuangdao 066004) |
| |
| Abstract: | According to the present number of new attacks found that these systems can be evaded by launching attacks that execute legitimate system call sequences. The emergence of such an attack is inevitable because the system call sequence based on the intrusion detection system is not take into account all available features of system calls. A new method is proposed to construct parameter model of detection system by using parameters of system call. Experimental results indicate that the proposed method can achieve higher hit rates for detecting the mimicry attack. |
| |
| Keywords: | mimicry attack parameters of system call intrusion detection system |
| 本文献已被 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载全文 |
