| 基于K-Nearest Neighbor分类算法的异常检测模型 |
| |
| 引用本文: | 宋辛科.基于K-Nearest Neighbor分类算法的异常检测模型[J].西安石油大学学报(自然科学版),2004,19(2):77-79. |
| |
| 作者姓名: | 宋辛科 |
| |
| 作者单位: | 西安石油大学,信息中心,陕西,西安,710065 |
| |
| 摘 要: | 入侵检测成了信息安全中不可缺少的安全措施 ,而异常检测是入侵检测研究中的热点 .提出了一种新的异常检测算法 ,用 K- Nearest Neighbor分类算法对特权程序 (或进程 )的系统调用进行分析 ,通过计算系统调用出现的频度判断进程是否异常 .测试表明 ,该方法具有良好的检测性能和较低的误报率 ,占用的系统资源较少 ,是一种合理可行的检测方法
|
| 关 键 词: | 异常检测 算法 系统调用 特权进程 网络安全 |
| 文章编号: | 1001-5361(2004)02-0077-03 |
| 修稿时间: | 2003年10月16 |
An anomaly detection model based on K-nearst neighbor classification algorithm |
| |
| SONG Xin-ke.An anomaly detection model based on K-nearst neighbor classification algorithm[J].Journal of Xian Shiyou University,2004,19(2):77-79. |
| |
| Authors: | SONG Xin-ke |
| |
| Abstract: | Intrusion detection becomes one of essential information security measures, and the research of intrusion detection focuses on anomaly detection. A new anomaly detection algrithm is proposed. It analyzes the system calls of privileged process through K-nearest neighbor classification algorithm, and it decides whether the process is abnormal by computing the frequency of the system calls. The test result shows that the algorithm is reasonable and feasible for it has good detecting performance and lower false positive rate and it costs a little. |
| |
| Keywords: | anomaly detection algorithm system call privileged process network safety |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
