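An Intrusion Detection Method Based on a Relative Hamming Distance -- RHDID
Cite this article: ZHANG Kun, XU Man Wu, ZHANG Hong, LIU Feng Yu. An Intrusion Detection Method Based on a Relative Hamming Distance -- RHDID [J]. Chinese Journal of Computers, 2003, 26(1): 65-70.
Authors: ZHANG Kun, XU Man Wu, ZHANG Hong, LIU Feng Yu
Affiliations: 1. Department of Computer Science and Technology, Nanjing University of Science and Technology, Nanjing 210094
2. Department of Computer Science and Technology, Nanjing University, Nanjing 210093
Funding: This work was supported by the National Natural Science Foundation of China (69973020).
Abstract: The paper first analyzes the shortcomings of traditional intrusion detection methods: misuse detection has difficulty detecting new forms of intrusion, and anomaly detection has difficulty establishing reasonable and effective normal-behavior profiles and detection methods. Then, through a study of the system calls and parameter sequences of privileged processes, it proposes a relative Hamming distance intrusion detection method (RHDID). Detecting intrusions with RHDID not only effectively reduces the false negative rate and the false positive rate, but also makes real-time intrusion detection possible. Finally, a prototype system confirms the feasibility of the method and achieves intrusion detection in a real-time environment.

Keywords: Hamming distance, intrusion detection method, RHDID, computer network, network security, firewall
Revised manuscript date: January 8, 2001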

An Intrusion Detection Method (RHDID) Based on Relative Hamming Distance
ZHANG Kun, XU Man Wu, ZHANG Hong, LIU Feng Yu. An Intrusion Detection Method (RHDID) Based on Relative Hamming Distance [J]. Chinese Journal of Computers, 2003, 26(1): 65-70.
Authors: ZHANG Kun, XU Man Wu, ZHANG Hong, LIU Feng Yu
Affiliation: ZHANG Kun 1) XU Man Wu 2) ZHANG Hong 1) LIU Feng Yu 1) 1)
Abstract: A new anomaly intrusion detection method, named RHDID (an Intrusion Detection Method Based on Relative Hamming Distance), is proposed, in which "normal behavior" is defined by the sequences of system calls and parameters in a privileged process. Building on the Hamming distance (HD), a novel algorithm named Relative Hamming Distance (RHD) is presented to decrease the false positive rate. RHDID can effectively reduce false positives and false negatives and can be applied to real-time intrusion detection. Finally, an operational prototype system demonstrates its feasibility and its effectiveness for real-time intrusion detection. The experimental results show that the proposed detection method based on RHD is more powerful and more efficient than the classical one.
Keywords: intrusion detection, Hamming distance, system call, network security
This article is indexed in CNKI, VIP, Wanfang Data and other databases.