| 一种基于均值Hamming距离的异常入侵检测方法 |
| |
| 引用本文: | 杜晔,王慧强,庞永刚.一种基于均值Hamming距离的异常入侵检测方法[J].系统仿真学报,2004,16(12):2853-2856. |
| |
| 作者姓名: | 杜晔 王慧强 庞永刚 |
| |
| 作者单位: | 哈尔滨工程大学,哈尔滨,150001 |
| |
| 基金项目: | 国防“十五”预研基金 (413150702) |
| |
| 摘 要: | 对进程级的入侵检测技术进行了研究,提出了一种基于均值Hamming距离的异常入侵检测方法—AHDAD,监控对象为特权进程的系统调用序列,通过计算偏离量检测入侵。AHDAD算法简单、检测准确率高、时间开销小,使实时入侵检测成为可能。最后,用原型实验证实了方法的可行性。
|
| 关 键 词: | 入侵检测 均值Hamming距离 特权进程 系统调用 |
| 文章编号: | 1004-731X(2004)12-2853-04 |
| 修稿时间: | 2003年11月20 |
Average Hamming Distance Based Anomaly Intrusion Detection |
| |
| DU Ye,WANG Hui-qiang,PANG Yong-gang.Average Hamming Distance Based Anomaly Intrusion Detection[J].Journal of System Simulation,2004,16(12):2853-2856. |
| |
| Authors: | DU Ye WANG Hui-qiang PANG Yong-gang |
| |
| Abstract: | The intrusion detection techniques at the level of system processes are discussed, and a new method named AHDAD (Average Hamming Distance-based Anomaly intrusion Detection) is presented, which can be used to monitor the sequences of system calls in privileged processes and calculate deviation to discriminate between normal and abnormal. The method has some advantages, such as algorithm simplicity, low overhead of time, high accuracy and real-time detection. The prototype experiment results prove the validation of it. |
| |
| Keywords: | intrusion detection average hamming distance privileged process system call |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
