| 基于粗糙集约简的进程系统调用序列异常检测方法研究 |
| |
| 引用本文: | 鲜明,张义荣,肖顺平,王国玉.基于粗糙集约简的进程系统调用序列异常检测方法研究[J].计算机科学,2006,33(8):281-284. |
| |
| 作者姓名: | 鲜明 张义荣 肖顺平 王国玉 |
| |
| 作者单位: | 国防科技大学电子科学与工程学院,长沙410073 |
| |
| 基金项目: | 国家自然科学基金;国防预研基金 |
| |
| 摘 要: | 提出了一种基于粗糙集约简的系统调用序列异常检测方法,其基本思想是利用粗糙集约简来对第k个系统调用位置进行预测,把前k-1个位置视为条件属性集,第k个位置视为决策属性,通过Rough集约简方法得到一组预测第k个系统调用位置的最小规则集,进而可用于对实际进程的异常检测。基于合成的UNM sendmail系统调用数据的实验结果表明,本文所提出的异常检测算法性能好于Forrest等人的tide方法,与Wenke Lee等人的数据挖掘算法检测精度相当。但在选择较大的阈值时,漏报率更低。
|
| 关 键 词: | 异常检测 系统调用序列 粗糙集 约简 不一致推理 |
Research on Anomaly Detection of System Call Sequences of Process Based on Rough Set Reduction |
| |
| XIAN Ming,ZHANG Yi-Rong,XIAO Shun-Ping,WANG Guo-Yu.Research on Anomaly Detection of System Call Sequences of Process Based on Rough Set Reduction[J].Computer Science,2006,33(8):281-284. |
| |
| Authors: | XIAN Ming ZHANG Yi-Rong XIAO Shun-Ping WANG Guo-Yu |
| |
| Affiliation: | School of Electronic Science and Engineering, National Univ, of Defense Technology, Changsha 410073 |
| |
| Abstract: | An anomaly detection technique of system call sequence based on rough set reduction is presented in this paper. Its fundamental idea is that rough set reduction is utilized to predict the kth position of process system call trail, i. e., the kth position is viewed as the decision attribute and the previous(k-1)positions are viewed as conditional attributes. The method of rough set reduction gives a set of minimal rules of predicting the kth system call position, thus it can apply to anomaly detection. The experiments based on synthetical sendmail system call sequences from UNM show that the proposed anomaly detection algorithm in the paper is superior to tide and comparable to the data mining algorithm of Wenke Lee, et al. in detection precision, moreover, achieves a lower negative positive rate when selecting a slightly large threshold. |
| |
| Keywords: | Anomaly detection System call sequence Rough set Reduct Inconsistent reasoning |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机科学》浏览原始摘要信息 |
|
点击此处可从《计算机科学》下载全文 |
|
