| 基于系统调用序列的入侵检测模型 |
| |
| 引用本文: | 范轶彦,郭国强,朱利群. 基于系统调用序列的入侵检测模型[J]. 西华大学学报(自然科学版), 2005, 24(3): 75-77 |
| |
| 作者姓名: | 范轶彦 郭国强 朱利群 |
| |
| 作者单位: | 湖南文理学院计算机科学与技术系,湖南,常德,415000;湖南文理学院计算机科学与技术系,湖南,常德,415000;湖南文理学院计算机科学与技术系,湖南,常德,415000 |
| |
| 摘 要: | 提出了一种基于系统调用序列的入侵检测模型,利用绝对安全环境下的应用程序系统调用序列建立正常行为模式。当发现实际系统调用序列模式与正常的行为模式不匹配时,标记为人侵,并采取应急措施。一个例程管理一个进程,给出了模式的适应度计算方法以及两个生成下一代模式的算子。实验结果表明:入侵检测模型与现有的一些模型相比,具有更好的准确性和更高的效率。
|
| 关 键 词: | 网络系统 入侵检测 系统调用序列 异常检测 模式匹配 |
| 文章编号: | 1673-159X(2005)03-0075-03 |
| 收稿时间: | 2004-10-09 |
| 修稿时间: | 2004-10-09 |
An Intrusion Detection Model Based on System Call Sequences |
| |
| FAN Yi-yan,GUO Guo-qiang,ZHU Li-qun. An Intrusion Detection Model Based on System Call Sequences[J]. Journal of Xihua University(Natural Science Edition), 2005, 24(3): 75-77 |
| |
| Authors: | FAN Yi-yan GUO Guo-qiang ZHU Li-qun |
| |
| Abstract: | In this paper an intrusion detection model based on system call sequences is proposed, and a normal activity mode of the system call sequences in absolute security environment is established. If the model finds the real system call sequences mode of the process does not match the normal activity mode, it will flag the process as intrusion and take some actions to respond to it. One instance of the model monitors one process. And a new method of calculating the fitness and two operators to generate the next offspring are provided. The experimental results demonstrate that compared with some of the current models, the model presented in this paper is more veracious and more efficient. |
| |
| Keywords: | network system intrusion detection system call sequences anomaly detection pattern match |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
