Windows Registry Anomaly Detection Based on One-Class Support Vector Machines
Cite this article: RAO Qiu-na, ZHAO Ze-mao. Windows Registry Anomaly Detection Based on One-Class Support Vector Machines[J]. Computer Engineering & Science, 2009, 31(8)
Authors: RAO Qiu-na, ZHAO Ze-mao
Affiliation (both authors): School of Communication Engineering, Hangzhou Dianzi University, Hangzhou, Zhejiang 310018, China
Abstract: The registry is the core of the Microsoft Windows operating system and controls the operation of the entire Windows system, and Microsoft Windows is currently the most widely used operating system as well as the one most often targeted by malicious attacks. Addressing this, the paper proposes an anomaly detection method based on one-class support vector machines: an intrusion detection model is built from the Windows registry, and the support vector machine algorithm decides in real time whether the current registry access behaviour is anomalous, so that intrusions can be discovered and identified. Experiments show that the method achieves a high detection rate against unknown viruses and intrusion behaviour and can improve the generalization ability of the learning machine when little prior knowledge is available; at the same time, the one-class support vector machine method reduces the detection response time without affecting detection performance, greatly improving the performance of the detection system.

Keywords: support vector machines; registry; intrusion detection

Windows Registry Anomaly Detection Based on One-Class Support Vector Machines
RAO Qiu-na, ZHAO Ze-mao. Windows Registry Anomaly Detection Based on One-Class Support Vector Machines[J]. Computer Engineering & Science, 2009, 31(8)
Authors: RAO Qiu-na, ZHAO Ze-mao
Abstract: As the core of the Microsoft Windows operating system, the registry controls the running of the whole Windows system. Microsoft Windows is one of the most popular and most commonly attacked operating systems, and malicious software often runs on the host machine to attack the system. This paper presents an anomaly intrusion detection method based on one-class support vector machines (SVM). It uses a data set of normal Windows registry accesses to train a detection model on a Windows host, and employs the SVM algorithm to detect abnormal registry accesses at run time. The experimental results show that this approach improves generalization ability when little prior knowledge is available, and that it can detect unknown malicious programs and unknown intrusions. Meanwhile, the one-class SVM algorithm reduces detection time without decreasing the detection rate, and greatly enhances the performance of the detection system.
Keywords: support vector machines; registry; intrusion detection
This article is indexed in Wanfang Data and other databases.