| 基于马尔科夫链的主机异常检测方法研究 |
| |
| 引用本文: | 刘永庆,刘东生.基于马尔科夫链的主机异常检测方法研究[J].计算机与数字工程,2010,38(7):20-23. |
| |
| 作者姓名: | 刘永庆 刘东生 |
| |
| 作者单位: | 海军计算技术研究所,北京,100841 |
| |
| 摘 要: | 提出了基于马尔科夫链模型的主机异常检测方法,首先提取特权进程的行为特征,并在此基础上构造Markov模型。由Markov模型产生的状态序列计算状态概率,根据状态序列概率来评价进程行为的异常情况。利用Markov模型的构造充分提取特权进程的局部行为特征的相互关系。实验表明该模型算法简单、实时性强、检测率高、误报率低、适合用于在线检测。
|
| 关 键 词: | 异常检测 马尔科夫链模型 系统调用序列 网络安全 |
An Anomaly Detection Method Based on Markov Model |
| |
| Liu Yongqing,Liu Dongsheng.An Anomaly Detection Method Based on Markov Model[J].Computer and Digital Engineering,2010,38(7):20-23. |
| |
| Authors: | Liu Yongqing Liu Dongsheng |
| |
| Affiliation: | Liu Yongqing Liu Dongsheng(Naval Institute of Compute Technology,Beijing 100841) |
| |
| Abstract: | A new method for anomaly intrusion detection is proposed based on Markov model.At first,behavioral features are extracted from the privileged processes,and then the Markov model is founded based on the features.The state sequences of Markov model are analyzed to infer the state probability,which is used to classify the normal or abnormal behavior.It can extract the relationships of local behavioral features of the privileged processes adequately.When the training sets are limited,the method predicts exactly.The experiments show this method is simple,effective and efficient,and can be used in practice to monitor the computer system in real time with high TPR and low FPR. |
| |
| Keywords: | anomaly detection Markov model system recall sequence network security |
| 本文献已被 维普 万方数据 等数据库收录! |
|
