| 一种基于最大熵原理系统异常检测模型研究 |
| |
| 引用本文: | 张健,陈松乔.一种基于最大熵原理系统异常检测模型研究[J].小型微型计算机系统,2008,29(4):643-648. |
| |
| 作者姓名: | 张健 陈松乔 |
| |
| 作者单位: | 中南大学,信息科学与工程学院,计算机应用技术系,湖南,长沙,410083 |
| |
| 摘 要: | 大多数基于系统调用序列分析的系统异常检测方法在对系统调用序列裁减和特征提取过程中没有客观评估特征表述进程行为的能力,其结果造成了许多误警、漏警问题,影响了检测性能.提出了一种基于最大熵原理的系统异常检测模型,通过计算互信息量和Z测试实现特征提取,通过构建最大熵模型实现特征评估与检测分类器.通过改进Bloom Filter算法实现高效的特征查找或匹配.较好的改善了系统异常检测的性能,对比实验结果证明,该检测模型能够以较高的精确度及时的检测出异常攻击行为.
|
| 关 键 词: | 系统调用序列 系统调用短序列 最大熵模型 特征提取 熵原理 系统 异常检测模型 研究 Maximum Entropy Principle Sequence System Call Model Detect Abnormal 攻击行为 精确度 对比实验 检测性能 改善 匹配 查找 算法实现 Bloom Filter |
| 文章编号: | 1000-1220(2008)04-0643-06 |
| 修稿时间: | 2006年11月27 |
Research on an Abnormal Detect Model for System Call Sequence Using Maximum Entropy Principle |
| |
| ZHANG Jian,CHEN Song-qiao.Research on an Abnormal Detect Model for System Call Sequence Using Maximum Entropy Principle[J].Mini-micro Systems,2008,29(4):643-648. |
| |
| Authors: | ZHANG Jian CHEN Song-qiao |
| |
| Affiliation: | ZHANG Jian,CHEN Song-qiao(Department of Information Science an Engineering Institute of Computer Application Techology,Center-South University,Changsha 410083,China) |
| |
| Abstract: | Now most of the Abnormal Detect Methods based on System Call Sequence analysis can't evaluate the capability of features characterizing process's behavior in the process of system call sequence reduction and feature selection,which causes many missed warnings and performance problems.In this paper,we propose a new abnormal detect model using maximum entropy principle,which achieves feature selection using mutual information and Z-Test,feature evaluation and systematizer using maximum entropy model.,and an e... |
| |
| Keywords: | system call sequences system call short sequence maximum entropy principle feature selection |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
