| 基于层次隐马尔科夫模型和变长语义模式的入侵检测方法 |
| |
| 引用本文: | 段雪涛,贾春福,刘春波.基于层次隐马尔科夫模型和变长语义模式的入侵检测方法[J].通信学报,2010,31(3):109-114. |
| |
| 作者姓名: | 段雪涛 贾春福 刘春波 |
| |
| 作者单位: | 1. 南开大学信息技术科学学院,天津,300071
2. 南开大学信息技术科学学院,天津,300071;国家计算机病毒应急处理中心,天津,300457 |
| |
| 基金项目: | 国家自然科学基金资助项目,天津市自然科学基金资助项目 |
| |
| 摘 要: | 分析了定长系统调用短序列在入侵检测系统应用中的不足,利用进程堆栈中的函数调用返回地址信息,提出了一种变长短序列的语义模式切分方法,并根据这种变长语义模式之间的层次关系和状态转移特性提出了基于层次隐马尔科夫模型的入侵检测方法.实验结果表明,与传统的隐马尔科夫模型相比,基于层次隐马尔科夫模型的入侵检测方法具有更好的检测效果.
|
| 关 键 词: | 入侵检测 层次隐马尔科夫模型 系统调用 变长语义模式 进程堆栈 |
Intrusion detection method based on hierarchical hidden Markov model and variable-length semantic pattern |
| |
| DUAN Xue-tao,JIA Chun-fu,LIU Chun-bo.Intrusion detection method based on hierarchical hidden Markov model and variable-length semantic pattern[J].Journal on Communications,2010,31(3):109-114. |
| |
| Authors: | DUAN Xue-tao JIA Chun-fu LIU Chun-bo |
| |
| Affiliation: | DUAN Xue-tao1,JIA Chun-fu 1,2,LIU Chun-bo1 (1. College of Information Technological Science,Nankai University,Tianjin 300071,China,2. National Computer Virus Emergency Response Center,Tianjin 300457,China) |
| |
| Abstract: | The defects of intrusion detection using fixed-length short system call sequences were analyzed. A method of extracting variable-length short system call sequences, grounded on the function return addresses stored in the process stacks, was proposed. Based on the hierarchical relationship and the state transition characteristics of the variable-length semantic patterns, a hierarchical hidden Markov intrusion detection model was presented. The experimental results show that the hierarchical hidden Markov int... |
| |
| Keywords: | intrusion detection hierarchical hidden Markov model system call variable-length semantic pattern process stack |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《通信学报》浏览原始摘要信息 |
|
点击此处可从《通信学报》下载全文 |
|
