| 基于系统调用特征的入侵检测研究 |
| |
| 引用本文: | 姚立红,訾小超,黄皓,茅兵,谢立.基于系统调用特征的入侵检测研究[J].电子学报,2003,31(8):1134-1137. |
| |
| 作者姓名: | 姚立红 訾小超 黄皓 茅兵 谢立 |
| |
| 作者单位: | 南京大学计算机软件新技术国家重点实验室,江苏南京,210093;南京大学计算机科学与技术系,江苏南京,210093 |
| |
| 基金项目: | 国家 8 63计划 (No .2 0 0 1AA1 4 4 1 1 0No.2 0 0 1AA1 4 2 0 1 0 ) |
| |
| 摘 要: | 对网络服务程序进行攻击是非法用户入侵系统的主要途径 ,针对关键程序的入侵检测近年来受到重视 .该文提出的CTBIDS检测模型在利用系统调用特征树描述程序行为特征的基础上 ,通过异常有限积累判别程序入侵 ,既能体现异常状况的长期积累 ,也能很好地反映入侵的异常局部性原理 .此外 ,该文通过统计分析方法确定入侵判别参数 ,使得入侵判别更加准确 .测试及试用结果表明CTBIDS能有效检测出针对关键程序的攻击
|
| 关 键 词: | 信息安全 入侵检测 系统调用序列 |
| 文章编号: | 0372-2112(2003)08-1134-04 |
Research of System Call Based Intrusion Detection |
| |
| YAO Li hong,ZI Xiao chao,HUANG Hao,MAO Bing,XIE Li.Research of System Call Based Intrusion Detection[J].Acta Electronica Sinica,2003,31(8):1134-1137. |
| |
| Authors: | YAO Li hong ZI Xiao chao HUANG Hao MAO Bing XIE Li |
| |
| Abstract: | Attacking the network services is a primary approach for unauthorized users to intrude system,and the program based intrusion detection technologies have been paid much attention to recently.The paper puts forward an intrusion detection model named CTBIDS.The model used tree structure to characterize program's normal behavior,and found whether program was exploited by limitedly accumulating anomaly during the program execution.It could reflect the accumulation of mismatches,as well as the locality of mismatches caused by intrusion.Moreover,it gave a statistical proposal to choose the parameters used in intrusion detection that could increase the intrusion detection's precision.The results show that CTBIDS can detect the attacks against key programs effectively. |
| |
| Keywords: | information security intrusion detection system call sequence |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
