| 基于程序的异常检测研究综述 |
| |
| 引用本文: | 黄金钟,朱淼良.基于程序的异常检测研究综述[J].计算机科学,2011,38(6):7-13,53. |
| |
| 作者姓名: | 黄金钟 朱淼良 |
| |
| 作者单位: | 浙江大学计算机科学与技术学院,杭州,310027 |
| |
| 基金项目: | 本文受国家自然科学基金(60773182)资助。 |
| |
| 摘 要: | 以程序正常行为描述方法为线索,将利用系统调用数据检测程序异常行为的各种技术分类为基于规范的方法、基于频率的方法、控制流分析方法、数据流分析方法。详细介绍了这些方法的基本思想、使用的各种模型以及最新研究进展,指出并分析了现有技术中存在的问题和不足,正式提出了基于程序的异常检测技术应该以各种服务器程序为研究对象的观点,介绍了一个经过初步实验验证了的、基于服务器程序运行踪迹层次结构的异常检测原型系统,该原型系统利用了服务器程序请求一应答式工作特征和一些关键系统调用的语义信息以及运行时的动态信息,通过结构模式识别技术在识别服务器程序正常行为过程中发现异常并具备分析异常、提供入侵相关详细信息的能力,而这种能力正是异常检测技术进一步研究发展的方向之一。
|
| 关 键 词: | 入侵检测,异常检测,异常分析,系统调用,服务器程序,结构模式识别 |
Overview of Anomaly Detection Based on Program |
| |
| HUANG Jin-zhong,ZHU Miao-liang.Overview of Anomaly Detection Based on Program[J].Computer Science,2011,38(6):7-13,53. |
| |
| Authors: | HUANG Jin-zhong ZHU Miao-liang |
| |
| Affiliation: | (College of Computer Science and Technology,Zhejiang University,Hangzhou 310027,China) |
| |
| Abstract: | In terms of methods describing normal program behavior, anomaly detection based on program can be grouped into several broad categories; specification-based, frectuency-based, control-flow-based, and data-flow-based. After reviewing systematically the basic ideas and various models used in these approaches, discussing the new advances of the technique, pointing out and analyzing some problems and weaknesses which exist in current research, this paper formulcted a notion that anomaly detection based on program should focus attention on various server programs. A system prototype based on the hierarchical structure of server programs' traces and validated by a preliminary experiment was simply introduced. The prototype is capable of analyzing anomalous events and providing detailed information with resped to intrusion,and these abilities are just the trend for more research of anomaly detection. |
| |
| Keywords: | Intrusion detection Anomaly detection Anomaly analysis System call Server programs Structural pattern recognition |
| 本文献已被 万方数据 等数据库收录! |
|
点击此处可从《计算机科学》下载全文 |
|
