| 基于IRP特征序列的文件行为监控模型 |
| |
| 引用本文: | 范学斌,庞建民,张一弛,游 超.基于IRP特征序列的文件行为监控模型[J].信息工程大学学报,2012,13(4):508-512. |
| |
| 作者姓名: | 范学斌 庞建民 张一弛 游 超 |
| |
| 作者单位: | 信息工程大学 信息工程学院,河南郑州,450002 |
| |
| 基金项目: | 河南省重大科技攻关专项资助项目 |
| |
| 摘 要: | 随着信息技术的广泛应用,要害部门和机构对敏感机密文件的保护也越来越重视。现有的监控技术很难发现具有危害的文件操作行为。在对中间层驱动进行分析的基础上,提出了基于IRP序列的文件行为监控模型,并解决了IRP信息的异步提取、序列跟踪和行为判定方法等关键问题,提高了文件行为监控的覆盖率和判定的准确性。对比实验验证了提出方法的有效性和准确性。
|
| 关 键 词: | 中间层驱动 文件行为 IRP特征序列 数据库 神经网络 |
File Monitoring Model Based on IRP Feature Sequence |
| |
| FAN Xue-bin,PANG Jian-min,ZHANG Yi-chi,YOU Chao.File Monitoring Model Based on IRP Feature Sequence[J].Journal of Information Engineering University,2012,13(4):508-512. |
| |
| Authors: | FAN Xue-bin PANG Jian-min ZHANG Yi-chi YOU Chao |
| |
| Affiliation: | (Institute of Information Engineering, Information Engineering University,Zhengzhou 450002, China) |
| |
| Abstract: | With the extensive application of information technology, key organizations pay increasing attention to the protection of sensitive or confidential files. But existing monitoring techniques can hardly find harmful file operations. After the analysis of the intermediate driver, a file monitoring model based on the IRP feature sequence is proposed. With this model, key issues such as the asyn-chronous extraction of IRP feature information, sequence tracking and operation judging can be solved effectively, which means improved file monitoring coverage and judgment accuracy. Compar-ative experiments demonstrate the validity and accuracy of the proposed method. |
| |
| Keywords: | intermediate driver file action IRP feature sequence database neural network |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《信息工程大学学报》浏览原始摘要信息 |
|
点击此处可从《信息工程大学学报》下载全文 |
|
