| 基于系统调用序列分析的入侵检测方法 |
| |
| 引用本文: | 李陶深,唐任鹏.基于系统调用序列分析的入侵检测方法[J].计算机工程与设计,2006,27(10):1761-1763,1766. |
| |
| 作者姓名: | 李陶深 唐任鹏 |
| |
| 作者单位: | 广西大学,计算机与电子信息学院,广西,南宁,530004;广西大学,计算机与电子信息学院,广西,南宁,530004 |
| |
| 基金项目: | 广西留学回国人员科研启动基金;广西科技攻关项目 |
| |
| 摘 要: | 提出了一种改进的基于系统调用序列分析的入侵检测方法,该方法对审计数据首先进行MLSI现象的检测,在发现MLSI之后,再与正常库进行匹配,以检测是否有入侵行为.理论分析和实验表明,MLSI能够有效地标识入侵,通过查找MLSI,再进行异常检测的方法可以大大地降低系统的开销,这些都说明该方法是有效和可行的.
|
| 关 键 词: | 入侵检测 序列分析 系统调用 网络安全 MLSI |
| 文章编号: | 1000-7024(2006)10-1761-03 |
| 收稿时间: | 2005-03-10 |
| 修稿时间: | 2005-03-10 |
Improved intrusion detection approach based on sequence analysis of system calls |
| |
| LI Tao-shen,TANG Ren-peng.Improved intrusion detection approach based on sequence analysis of system calls[J].Computer Engineering and Design,2006,27(10):1761-1763,1766. |
| |
| Authors: | LI Tao-shen TANG Ren-peng |
| |
| Affiliation: | School of Computer and Electronics and Information Engineering, Guangxi University, Nanning 530004, China |
| |
| Abstract: | An improved intrusion detection approach based on sequence analysis of system calls is proposed. At first, the approach detects MLSI phenomenon to auditing data. After the MLSI is checked out, it will be matched with normal base to test where or not exist the intrusion action. Theory analysis and the result of experiments show that MLSI can effectively identify intrusions and greatly reduce the overhead of the host system. The improved intrusion detection approach based on sequence analysis of system calls are effective and feasible. |
| |
| Keywords: | MLSI |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
