| 基于粗糙集值约简改进算法的进程异常检测 |
| |
| 引用本文: | 王辉,刘峰,赵志宏,骆斌. 基于粗糙集值约简改进算法的进程异常检测[J]. 计算机应用研究, 2010, 27(3): 1064-1067. DOI: 10.3969/j.issn.1001-3695.2010.03.072 |
| |
| 作者姓名: | 王辉 刘峰 赵志宏 骆斌 |
| |
| 作者单位: | 南京大学,软件学院,南京,210093 |
| |
| 摘 要: | 提出一种新的基于粗糙集值约简和系统调用的进程异常检测方法。为了提高约简效率,改进了基于差别矩阵的粗糙集值约简算法。另外创建了一种新的检测模型,能在判断进程是否异常的基础上进一步识别异常种类。它以系统调用短序列中k个位置作为条件属性集,以进程类型作为决策属性,建立决策表;然后使用改进的值约简算法提取规则集,并对规则匹配的结果作统计;最后判断进程类别。实验表明该方法能高效准确地识别异常进程的种类。
|
| 关 键 词: | 系统调用;粗糙集;约简;异常检测 |
Abnormal detection of processes based on improved rough set value reduction algorithm |
| |
| WANG Hui,LIU Feng,ZHAO Zhi-hong,LUO Bin. Abnormal detection of processes based on improved rough set value reduction algorithm[J]. Application Research of Computers, 2010, 27(3): 1064-1067. DOI: 10.3969/j.issn.1001-3695.2010.03.072 |
| |
| Authors: | WANG Hui LIU Feng ZHAO Zhi-hong LUO Bin |
| |
| Affiliation: | (Software Institute, Nanjing University, Nanjing 210093, China) |
| |
| Abstract: | This paper proposed a new method for abnormal detection of processes based on RS value reduction and system calls.Improved the algorithm of rough set value reduction based on discernibility matrix to increase the reduction efficiency.And built a new detection model.It could not only tell whether the process was normal or abnormal,but also identified the type of the abnormality.First,made a decision table by using the k positions in the short sequences of system calls as the conditional attributes and the ty... |
| |
| Keywords: | system calls rough set reduction abnormal detection |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《计算机应用研究》浏览原始摘要信息 |
|
点击此处可从《计算机应用研究》下载全文 |
|
