| 基于扩充数据源的系统调用异常检测算法 |
| |
| 引用本文: | 王宇,刘文予,罗宁.基于扩充数据源的系统调用异常检测算法[J].计算机与数字工程,2006,34(1):13-17. |
| |
| 作者姓名: | 王宇 刘文予 罗宁 |
| |
| 作者单位: | 华中科技大学电子与信息工程系,武汉,430074 |
| |
| 摘 要: | 扩充了传统异常检测算法的数据源,将系统调用参数和系统调用频率信息纳入异常检测算法中。新的算法通过训练统计系统调用的频率信息,建立程序正常运行时的文件访问分布模型,以传统的基于系统调用的异常检测方法为基础,结合训练时得到的信息,确定攻击的优先级。实验结果表明,该方法有效的改善了原方法的检测率和误报率等指标。
|
| 关 键 词: | 系统调用 异常检测 调用参数 频率 扩展数据源 |
| 修稿时间: | 2005年4月15日 |
System Call Anomaly Detection Based on Extended Data Sources |
| |
| Wang Yu,Liu Wenyu,Luo Ning.System Call Anomaly Detection Based on Extended Data Sources[J].Computer and Digital Engineering,2006,34(1):13-17. |
| |
| Authors: | Wang Yu Liu Wenyu Luo Ning |
| |
| Abstract: | In this paper,extended data sources,which include the parameters and frequencies of system calls,are used in detection algorithms.The basic idea is to record system call frequency information,construct file access distribution models of properly running programs at train phase,at detection phase,traditional methods are modified to take these information and models into account to detect attacks and determine priorities.Experiments show that our method can effectively improve detection rate,while its false positive performance is better than the other approaches. |
| |
| Keywords: | System Call Anomaly Detection Parameter Frequency Extended Data Sources |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
