
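Multiple-dimension process behavior evaluation model: construction and optimization method
Cite this article: MAO Kun, DU Xuehui, SUN Yi. Multiple-dimension process behavior evaluation model: construction and optimization method[J]. Journal of Computer Applications, 2013, 33(8): 2244-2249
Authors: MAO Kun, DU Xuehui, SUN Yi
Affiliation: 1. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450004; 2. Information Engineering University, Zhengzhou 450004
Abstract: To address the model optimization and model selection problems of current process behavior evaluation models, process behavior is defined and described with a hidden Markov model (HMM). The relationship between accuracy rate and false positive rate is discussed, and a multiple-dimension process behavior evaluation model is proposed to compensate for the shortcomings of a single process behavior evaluation model. The multiple-dimension process behavior evaluation model is fused using Boolean operations, which improves evaluation performance. Based on cost decision tree theory, an objective function for selecting the optimal process behavior evaluation model is given and used to select the optimal model from the fused multiple-dimension process behavior evaluation model. Finally, the performance of the proposed multiple-dimension process behavior evaluation model is tested and compared with the traditional STIDE and HMM methods; the results demonstrate its effectiveness and superiority.

Keywords: process behavior; anomaly detection; multiple-dimension process behavior evaluation model; Boolean operation; cost decision tree; optimal process behavior evaluation model
Received: 2013-02-08
Revised: 2013-03-27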

Multiple-dimension process behavior evaluation model and its optimization
MAO Kun, DU Xuehui, SUN Yi. Multiple-dimension process behavior evaluation model and its optimization[J]. Journal of Computer Applications, 2013, 33(8): 2244-2249
Authors: MAO Kun, DU Xuehui, SUN Yi
Affiliation: 1. Information Engineering University, Zhengzhou Henan 450004, China
2. State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou Henan 450004, China
Abstract: To solve the existing problems of optimization and selection in process behavior evaluation models, process behavior was defined and described based on the Hidden Markov Model (HMM). The relation between precision rate and false positive rate was discussed, and a multiple-dimension process behavior evaluation model based on Boolean functions was proposed, which overcame the shortcomings of a single process behavior evaluation model and increased evaluation performance. On the basis of the cost decision tree, a target function was given to select the optimal process behavior evaluation model from the proposed evaluation model. Finally, the proposed evaluation model was tested and compared with the traditional Sequence TIme-Delay Embedding (STIDE) and HMM methods. The test results verify the efficiency and superiority of the proposed model.
Keywords: process behavior; anomaly detection; multiple-dimension process behavior evaluation model; Boolean function; cost decision tree; optimal process behavior evaluation model