| IIDS的行为特征提取方法研究 |
| |
| 引用本文: | 李千目,戚湧,张宏,刘凤玉.IIDS的行为特征提取方法研究[J].南京理工大学学报(自然科学版),2004,28(2):140-144. |
| |
| 作者姓名: | 李千目 戚湧 张宏 刘凤玉 |
| |
| 作者单位: | 南京理工大学,计算机科学与技术系,江苏,南京,210094 |
| |
| 基金项目: | 国家自然科学基金项目 (6 0 2 73137),国防科工委应用基础基金项目 |
| |
| 摘 要: | 针对目前的入侵检测系统存在先验知识较少的情况下推广能力差的问题,基于免疫原理,将肽链定义为在操作系统中由特权进程执行的系统调用及参数段序列;基于广义后缀树、粗集和神经网络理论,提出一种新的免疫入侵检测模型的行为特征提取方法,有效解决了行为特征的获取和知识库的构建。该方法设计有独立而完整的特征数据库,提高检测系统的强壮性和可伸缩性;对高频度行为模式优先分析和处理,提高检测的速度。该方法不仅去除了降低检测效率的规则,而且生成了更强的规则子集。实验结果表明,该方法的有效性和检测的高效性。
|
| 关 键 词: | 免疫入侵检测系统 粗集 神经网络 |
| 文章编号: | 1005-9830(2004)02-0140-05 |
| 修稿时间: | 2003年4月28日 |
Research on Method for Obtaining Action Character Based on IIDS |
| |
| LI Qian-mu,QI Yong,ZHANG Hong,LIU Feng-yu.Research on Method for Obtaining Action Character Based on IIDS[J].Journal of Nanjing University of Science and Technology(Nature Science),2004,28(2):140-144. |
| |
| Authors: | LI Qian-mu QI Yong ZHANG Hong LIU Feng-yu |
| |
| Abstract: | The generalizing ability of current IDS (Intrusion Detection System) is poor when less prior knowledge is given. According to the immunology principle of bionics, a new method for obtaining action character in IIDS is presented, which based on generalized suffix tree, rough set and neural network. In this paper short sequences of system calls and parameters executed by privileged procedure are viewed as analogous peptide. The characteristics of this method are as follows: 1.the databases are special and integrity. It improves the robustness and flexibility of the system; 2.The behavior model whose frequency is higher is analyzed and the processed first. It improves the speed and the effectiveness of intrusion detection; 3.The rules that affected the effectiveness of the system is be deleted,and be replaced by better rules.Experiments show that the proposed method is practical and efficient. |
| |
| Keywords: | immunological intrusion detection system rough sets neural network |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
