| 基于增量One-Class支持向量机的注册表异常检测 |
| |
| 引用本文: | 刘志才,彭宏.基于增量One-Class支持向量机的注册表异常检测[J].西华大学学报(自然科学版),2007,26(2):8-10,14. |
| |
| 作者姓名: | 刘志才 彭宏 |
| |
| 作者单位: | 西华大学数学与计算机学院,四川,成都,610039 |
| |
| 摘 要: | 提出一种基于增量支持向量机的异常检测方法,利用Windows注册表建立了入侵检测模型,通过SVM算法实时判断当前对注册表的访问行为是否为异常状态来发现和识别入侵行为。实验表明:该方法对未知病毒和未知入侵行为具有较高检测率,可以提高在先验知识较少情况下的学习机推广能力。同时,考虑到注册表键值数量巨大,采用增量SVM算法可以在不影响检测性能的同时减少训练时间。
|
| 关 键 词: | 增量支持向量机 注册表 入侵检测 病毒检测 |
| 文章编号: | 1673-159X(2007)02-0008-03 |
| 修稿时间: | 2006-11-30 |
Detection of Registry Anomaly Intrusion Based on One-Class Incremental Support Vector Approach |
| |
| LIU Zhi-cai,PENG Hong.Detection of Registry Anomaly Intrusion Based on One-Class Incremental Support Vector Approach[J].Journal of Xihua University:Natural Science Edition,2007,26(2):8-10,14. |
| |
| Authors: | LIU Zhi-cai PENG Hong |
| |
| Abstract: | This paper presents a detection system for anomaly intrusion based on incremental support vector approach.The authors use normal Windows registry data set to train a detection model on a windows host,and employ SVM algorithm to detect abnormal registry access at run-time.The experimental results show that this approach can improve generalizing ability when less prior knowledge is given,and it also has the ability to detect unknown malicious programs and unknown intrusion.At the same time,by using incremental SVM algorithm,it can reduce the train time without decrease in detection rate. |
| |
| Keywords: | incremental support vector machine windows registry intrusion detection virus detection |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
