| 利用系统调用序列检测入侵的一种新方法 |
| |
| 引用本文: | 潘峰,欧阳明光,汪为农.利用系统调用序列检测入侵的一种新方法[J].上海交通大学学报,2004,38(1):26-28,33. |
| |
| 作者姓名: | 潘峰 欧阳明光 汪为农 |
| |
| 作者单位: | 上海交通大学,计算机科学与工程系,上海,200030 |
| |
| 基金项目: | 国家自然科学基金资助项目(60073034) |
| |
| 摘 要: | 提出了一种使用系统调用序列检测入侵的新算法.算法利用了一种称为权值树的数据结构,首先使用正常权值树序列生成权值树森林,为了学习新的模式和消除杂质,权值树还可以被定期修剪.然后扫描异常调用序列,通过权值树得到对应的权值序列,这些权值序列能够显示是否出现了异常.实验取得了理想的结果.
|
| 关 键 词: | 入侵检测 异常检测 网络安全 |
| 文章编号: | 1006-2467(2004)01-0026-03 |
A New Method to Detect Intrusions Using System Calls |
| |
| PAN Feng,OUYANG Ming-guang,WANG Wei-nong.A New Method to Detect Intrusions Using System Calls[J].Journal of Shanghai Jiaotong University,2004,38(1):26-28,33. |
| |
| Authors: | PAN Feng OUYANG Ming-guang WANG Wei-nong |
| |
| Abstract: | This paper advanced a new algorithm to detect network intrusions using sequences of system calls. This algorithm uses a data structure called weight tree, first it uses normal system call trace to build weight tree forest, which have to be pruned periodically in order to learn new pattern and eliminate impurity. Then it scans abnormal trace using those trees and gets the corresponding weight sequences. Those weight sequences can tell us if something abnormal has happened or not. It acquired good results in experiment. |
| |
| Keywords: | intrusion detection abnormal detection unix security |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
