| 基于线性预测与马尔可夫模型的入侵检测技术研究 |
| |
| 引用本文: | 尹清波,张汝波,李雪耀,王慧强.基于线性预测与马尔可夫模型的入侵检测技术研究[J].计算机学报,2005,28(5):900-907. |
| |
| 作者姓名: | 尹清波 张汝波 李雪耀 王慧强 |
| |
| 作者单位: | 哈尔滨工程大学计算机科学与技术学院,哈尔滨,150001;哈尔滨工程大学计算机科学与技术学院,哈尔滨,150001;哈尔滨工程大学计算机科学与技术学院,哈尔滨,150001;哈尔滨工程大学计算机科学与技术学院,哈尔滨,150001 |
| |
| 基金项目: | 国家预研基金(413150702),哈尔滨工程大学基础研究基金(HEUF04084)资助.~~ |
| |
| 摘 要: | 入侵检测技术是现代计算机系统安全技术中的重要组成部分.该文提出了基于线性预测与马尔可夫模型相结合的入侵检测方法.首先提取特权进程的行为特征,引入时间序列分析技术——用线性预测技术对特权进程产生的系统调用序列提取特征向量来建立正常特征库,并在此基础上建立了马尔可夫模型.由马尔可夫模型产生的状态序列计算状态概率,根据状态序列概率来评价进程行为的异常情况.然后,利用马尔可夫信源熵与条件熵进行参数选取,对模型进行优化,进一步提高了检测率.实验表明该算法准确率高、实时性强、占用系统资源少.
|
| 关 键 词: | 线性预测 马尔可夫模型 入侵检测 马尔可夫信源熵 系统调用 |
Research on Technology of Intrusion Detection Based on Linear Prediction and Markov Model |
| |
| YIN Qing-Bo,ZHANG Ru-bo,LI Xue-yao,WANG Hui-qiang.Research on Technology of Intrusion Detection Based on Linear Prediction and Markov Model[J].Chinese Journal of Computers,2005,28(5):900-907. |
| |
| Authors: | YIN Qing-Bo ZHANG Ru-bo LI Xue-yao WANG Hui-qiang |
| |
| Abstract: | Intrusion detection has emerged as an important approach of computer security technique. A new kind of method for anomaly intrusion detection is proposed based on linear prediction and Markov model. At first, linear prediction technique is employed to extract features from system call sequences of the privileged processes which are used to make up of the character database of those processes, and then the Markov model is founded based on the features; and Markov information source entropy and condition entropy are used to select parameter and optimize the model. The merits of the model are simple and exact to predict. The experiments show this method is effective and efficient in real time and light load, and can be used to in practice to monitor the computer system in real time. |
| |
| Keywords: | linear prediction Markov model intrusion detection Markov information source entropy system call |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
