| 基于Linux系统调用的主机入侵检测系统的设计 |
| |
| 引用本文: | 吴彦波,林中. 基于Linux系统调用的主机入侵检测系统的设计[J]. 计算机工程与设计, 2007, 28(13): 3078-3081 |
| |
| 作者姓名: | 吴彦波 林中 |
| |
| 作者单位: | 华北计算技术研究所,北京,100083;华北计算技术研究所,北京,100083 |
| |
| 摘 要: | 现代计算机系统在稳定性和安全方面存在许多问题,大部分是由于异常的程序行为所导致,主机入侵检测系统能有效的检测程序异常活动.通过对Linux2.4内核的研究,以内核补丁的形式设计与实现了一个原型系统NUMEN,该系统采用前向序列对方法对系统调用序列进行分析,当检测到进程行为异常时,它将延迟该进程发起的系统调用请求,如果异常的出现是由于安全违规活动而引起的,NUMEN在破坏发生之前阻止攻击活动,确保系统的安全性.
|
| 关 键 词: | 入侵检测系统 异常检测 Linux内核 系统调用 前向序列对 |
| 文章编号: | 1000-7024(2007)13-3078-04 |
| 修稿时间: | 2006-06-15 |
Design of host intrusion detection system based on Linux system call |
| |
| WU Yan-bo,LIN Zhong. Design of host intrusion detection system based on Linux system call[J]. Computer Engineering and Design, 2007, 28(13): 3078-3081 |
| |
| Authors: | WU Yan-bo LIN Zhong |
| |
| Affiliation: | North China Institute of Computing Technology, Beijing 100083, China |
| |
| Abstract: | Modern computer systems are plagued with stability and security problems.Many of these problems arise from rare program behaviors.Host intrusion detection system can detect abnormal behavior effectively and a prototype named "NUMEN" is implemented as a small patch for Linux 2.4 kernels,which detects and delays anomaly in program behavior by observing changes in short sequences of system called by the lookahead pairs method.If the anomaly corresponds to a security violation,NUMEN can stop attacks before they can do damage on time,and ensure system security. |
| |
| Keywords: | intrusion detection system abnormal detection Linux kernel system call lookahead pairs |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
