| 基于系统调用的入侵检测系统设计与实现 |
| |
| 引用本文: | 张军,苏璞睿,冯登国.基于系统调用的入侵检测系统设计与实现[J].计算机应用,2006,26(9):2137-2139. |
| |
| 作者姓名: | 张军 苏璞睿 冯登国 |
| |
| 作者单位: | 1. 中国科学技术大学,电子工程与信息科学系,安徽,合肥,230027
2. 中国科学院,软件研究所,北京,100049 |
| |
| 基金项目: | 国家重点基础研究发展计划(973计划);国家自然科学基金 |
| |
| 摘 要: | 介绍了一个基于系统调用的灵活加载的入侵检测系统。该系统改进了常用的数据采集方法,采用虚拟设备驱动来获取系统调用。这种数据采集方法对系统影响小,可以灵活装卸,并提供标准的接口。数据分析融合了异常检测和误用检测两种方法,提出了相应的检测模型,并引入了滤噪函数。
|
| 关 键 词: | 入侵检测 系统调用 虚拟设备驱动 滤噪函数 非层次聚类 |
| 文章编号: | 1001-9081(2006)09-2137-3 |
| 收稿时间: | 2006-03-10 |
| 修稿时间: | 2006-03-102006-05-24 |
Design and implementation of intrusion detection system based on system-call |
| |
| ZHANG Jun,SU Pu-rui,FENG Deng-guo.Design and implementation of intrusion detection system based on system-call[J].journal of Computer Applications,2006,26(9):2137-2139. |
| |
| Authors: | ZHANG Jun SU Pu-rui FENG Deng-guo |
| |
| Affiliation: | 1. Department of Electronic Engineering and Information Science, University of Science and Technology of China, Hefei Anhui 230027, China; 2. Institute of Software, Chinese Academy of Sciences, Beijing 100049, China |
| |
| Abstract: | The technology of Intrusion Detection is one of the important measures to protect the networks.Host-based intrusion detection is used to protect the key hosts.A flexible loading intrusion detection based on system-call was introduced in this paper.This system improved the common data collection method,and adopted virtual equipment driversto acquire system call.This method brings small influence on system,is easy to load and unload,and provides the standard interface. The data analysis integrates the two detection methods: anomaly and misuse,which provides corresponding detection models and introduces the noise filtering function. |
| |
| Keywords: | intrusion detection system call virtual equipment drives noise filtering function nonhierarchical clustering |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机应用》浏览原始摘要信息 |
|
点击此处可从《计算机应用》下载全文 |
