| 基于熵的正常行为规则性度量 |
| |
| 引用本文: | 潘峰,汪为农.基于熵的正常行为规则性度量[J].计算机工程,2004,30(12):19-20,50. |
| |
| 作者姓名: | 潘峰 汪为农 |
| |
| 作者单位: | 上海交通大学计算机科学与工程系,上海,200030 |
| |
| 基金项目: | 国家自然科学基金资助项目(60073074) |
| |
| 摘 要: | 异常检测是防范新型攻击的基本手段。该文使用信息熵作为理论工具,用正常行为的熵相对于随机行为的熵的比值作为正常行为规则性的度量标准,并结合一个具体的异常检测实例验证了这种度量标准的合理性。
|
| 关 键 词: | 入侵检测 异常检测 熵 |
| 文章编号: | 1000-3428(2004)12-0019-02 |
Entropy-based Method to Measure Regularity of Normal Behaviors |
| |
| PAN Feng,WANG Weinong.Entropy-based Method to Measure Regularity of Normal Behaviors[J].Computer Engineering,2004,30(12):19-20,50. |
| |
| Authors: | PAN Feng WANG Weinong |
| |
| Abstract: | Anomaly detection is an essential component of the protection mechanisms against novel attacks. This paper proposes an entropy-based method to measure the regularity of normal behaviors in anomaly detection. This measure is defined as the ratio of normal behavior's entropy to totally random behavior's entropy. It uses case studies on Unix system call data to illustrate the utilities of this measure. |
| |
| Keywords: | Intrusion detection Anomaly detection Entropy |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
