| 一种分析系统调用序列的入侵检测系统设计与实现 |
| |
| 引用本文: | 徐漫江,曹元大.一种分析系统调用序列的入侵检测系统设计与实现[J].北京理工大学学报,2004,24(4):342-344. |
| |
| 作者姓名: | 徐漫江 曹元大 |
| |
| 作者单位: | 1. 北京理工大学,信息科学技术学院计算机科学工程系,北京,100081
2. 北京理工大学,软件学院,北京,100081 |
| |
| 摘 要: | 结合程序局部性原理,提出系统调用序列中位置间的相关度定义.利用相关度给出了实际系统调用序列与正常系统调用序列间的模糊匹配方法,利用该方法判断应用程序运行状况,进行入侵检测.给出了一个采用该方法的主机入侵检测系统,说明了其整体结构设计、模块间调用关系、模块设计原理、模块实现方法及用于验证该入侵检测系统的实验环境.通过实验结果验证了检测方法是有效的.
|
| 关 键 词: | 入侵检测 系统调用 模糊匹配 分析 系统调用 序列 入侵检测 系统设计 Analysis Serial System Call Intrusion Detection System Implementation 检测方法 结果验证 实验环境 模块实现 程序局部性原理 模块设计 关系 结构设计 检测系统 主机 |
| 文章编号: | 1001-0645(2004)04-0342-03 |
| 收稿时间: | 6/5/2003 12:00:00 AM |
| 修稿时间: | 2003年6月5日 |
Design and Implementation of an Intrusion Detection System Using System Call Serial Analysis |
| |
| XU Man-jiang and CAO Yuan-da.Design and Implementation of an Intrusion Detection System Using System Call Serial Analysis[J].Journal of Beijing Institute of Technology(Natural Science Edition),2004,24(4):342-344. |
| |
| Authors: | XU Man-jiang and CAO Yuan-da |
| |
| Institution: | XU Man-jiang~1,CAO Yuan-da~2 |
| |
| Abstract: | Correlation between system calls at different positions is defined based on local theory of programming. A fuzzy matching method, which works between the real system call serial and normal system call serial is presented, using the correlation defined. This method can be used to judge whether the program is running normally and therefore used for intrusion detection. A host based intrusion detection system using the method described above is presented and its system structure, as well as the relation among modules, principle and design of the module are given in detail. A test-bed was used to test the intrusion detection system and the test results used to show the validity of the method. |
| |
| Keywords: | intrusion detection system call fuzzy matching |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《北京理工大学学报》浏览原始摘要信息 |
| 点击此处可从《北京理工大学学报》下载免费的PDF全文 |
