| 采用规划识别理论预测系统调用序列中的入侵企图 |
| |
| 引用本文: | 冯力,管晓宏,郭三刚,高艳,刘培妮.采用规划识别理论预测系统调用序列中的入侵企图[J].计算机学报,2004,27(8):1083-1091. |
| |
| 作者姓名: | 冯力 管晓宏 郭三刚 高艳 刘培妮 |
| |
| 作者单位: | 西安交通大学网络化系统与信息安全研究中心,西安,710049;西安交通大学制造系统国家重点实验室,西安,710049 |
| |
| 基金项目: | 国家杰出青年基金(6970025),国家自然科学基金(60243001),国家“八六三”高技术研究发展计划信息安全主题(2001AA140213)资助 |
| |
| 摘 要: | 规划识别是一种根据观察数据识别和推断被观察对象目的或意图的预测理论.在计算机系统入侵检测研究中,为了提前预测出异常事件的发生,提出了一种基于规划识别理论的入侵企图预测方法.通过对主机上的系统调用序列为观察对象建立预测模型,提出了一种带参数补偿的贝叶斯网络动态更新算法,对观察对象的目的进行预测.实验结果表明动态贝叶斯网络对预测系统调用序列中的异常入侵企图有较高的精度.
|
| 关 键 词: | 入侵预测 规划识别 动态贝叶斯网络 参数补偿 系统调用序列 |
Plan Recognition Based Method for Predicting Intrusion Intentions of System Call Sequences |
| |
| FENG Li,GUAN Xiao-Hong,GUO San-Gang,GAO Yan,LIU Pei-Ni.Plan Recognition Based Method for Predicting Intrusion Intentions of System Call Sequences[J].Chinese Journal of Computers,2004,27(8):1083-1091. |
| |
| Authors: | FENG Li GUAN Xiao-Hong GUO San-Gang GAO Yan LIU Pei-Ni |
| |
| Abstract: | Plan recognition is a prediction theory for identifying and determining the intentions or the attempts of the agents monitored through observation data. In this paper, a plan recognition based method is presented to predict the anomaly events and intensions of potential intruders to a computer system using the system call sequences as observation data. The method is established on a dynamic Bayesian network with parameter compensation and an algorithm is developed to update this network. The experimental results show that this method has a good accuracy in predicting the intrusion intensions from the system call sequences. |
| |
| Keywords: | intrusion prediction plan recognition dynamic Bayesian network parameter compensation system call sequences |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
