| 系统调用序列分类的Motif方法及其在异常诊断中的应用 |
| |
| 引用本文: | ZHANG Xiang-hua,李继伟,JIANG Zhao-hui,冯焕清.系统调用序列分类的Motif方法及其在异常诊断中的应用[J].小型微型计算机系统,2008,29(8). |
| |
| 作者姓名: | ZHANG Xiang-hua 李继伟 JIANG Zhao-hui 冯焕清 |
| |
| 作者单位: | 中国科学技术大学,多媒体计算与通信教育部微软重点实验室,安徽,合肥,230027 |
| |
| 摘 要: | 系统调用序列分析应用于异常诊断时大都提取定长或变长的子序列作为系统行为的特征,没有考虑系统调用的语义,而某些系统调用的语义是与进程的功能相关的.本文利用特殊系统调用的语义,从系统调用序列中提取motif-同类序列中经常出现的并与一定功能相关的子序列作为特征,并用这些motif建立分类器对序列进行自动分类.将此方法应用到PC机的入侵检测和系统故障诊断,结果表明,以motif为特征对序列进行分类,不仅可以提高识别率,降低误警报率,而且可以明显降低特征空间的维数.
|
| 关 键 词: | 系统调用序列 模式 分类 异常检测 |
System Call Sequence Classification for Anomaly Diagnosis Using Motif Method |
| |
| ZHANG Xiang-hua,LI Ji-wei,JIANG Zhao-hui,FENG Huan-qing.System Call Sequence Classification for Anomaly Diagnosis Using Motif Method[J].Mini-micro Systems,2008,29(8). |
| |
| Authors: | ZHANG Xiang-hua LI Ji-wei JIANG Zhao-hui FENG Huan-qing |
| |
| Affiliation: | ZHANG Xiang-hua,LI Ji-wei,JIANG Zhao-hui,FENG Huan-qing(MOE-Microsoft Key Laboratory of Multimedia Computing , Communication,University of Science , Technology of China,Hefei 230027,China) |
| |
| Abstract: | System call sequences have been widely used for anomaly diagnosis.Traditional methods rely on fixed-length or variable-length patterns of the system calls to model program behavior.However,these techniques are all based on the mathematical rules,and do not consider the semantics of the events which might indicate the boundaries of program subtasks.This paper presents a novel approach to use system call semantics to extract the motif as the characterization of program behavior.A motif is an estimated paragra... |
| |
| Keywords: | system call sequence motif classification anomaly diagnosis |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
