| 时间序列模型在入侵检测中的应用研究 |
| |
| 引用本文: | 赵铁山,李增智,高波.时间序列模型在入侵检测中的应用研究[J].计算机工程与设计,2005,26(5):1128-1129,1175. |
| |
| 作者姓名: | 赵铁山 李增智 高波 |
| |
| 作者单位: | 西安交通大学,计算机系统结构与网络研究所,陕西,西安,710049;中国西昌卫星发射中心技术部,四川,西昌,615000;西安交通大学,计算机系统结构与网络研究所,陕西,西安,710049;中国西昌卫星发射中心技术部,四川,西昌,615000 |
| |
| 基金项目: | 国家863高技术研究发展基金项目(2003AA132050) |
| |
| 摘 要: | 入侵检测是计算机系统安全技术的重要组成部分,是计算机领域当前研究热点之一。提出了一种用于入侵检测的时间序列模型。对于计算机系统运行的某一时段,用前K次审计时事件发生次数的均值作为第K 1次的期望值,然后求期望值和第K 1次的实际次数的相对误差。当相对误差超过某一阈值时,则认为在第K 1次发生了入侵。通过仿真揭示了阈值的选择规律。仿真结果证明,在突然发生较多的入侵事件时,模型工作良好。
|
| 关 键 词: | 入侵检测 时间序列模型 相对误差 阈值 仿真 |
| 文章编号: | 1000-7024(2005)05-1128-02 |
Research of applying time-based sequence model to intrusion detection |
| |
| ZHAO Tie-shan,LI Zeng-zhi,GAO Bo.Research of applying time-based sequence model to intrusion detection[J].Computer Engineering and Design,2005,26(5):1128-1129,1175. |
| |
| Authors: | ZHAO Tie-shan LI Zeng-zhi GAO Bo |
| |
| Affiliation: | ZHAO Tie-shan 1,2,LI Zeng-zhi 1,GAO Bo 2 |
| |
| Abstract: | Intrusion detection is an important part of computer security. It is a research hotspot. A time-based sequence model applying to intrusion detection is brought forward. In some period of time of a running computer system, mean value of an event's frequency in k audits is taken as expected value at k+1th audit. Relative error of the expected value and real value at k+1th audit is computed. If the relative error is bigger than some set threshold, an intrusion occurs at K+1th audit. Simulation results open out how to select threshold. If a large amount of intrusion events appear in a short time, the model works effectively. |
| |
| Keywords: | intrusion detection time-based sequence model relative error threshold simulation |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
