| 基于系统调用序列的柔性状态机入侵检测模型 |
| |
| 引用本文: | 崔国华,李道文.基于系统调用序列的柔性状态机入侵检测模型[J].华中科技大学学报(自然科学版),2003,31(1):40-42. |
| |
| 作者姓名: | 崔国华 李道文 |
| |
| 作者单位: | 华中科技大学计算机科学与技术学院 |
| |
| 基金项目: | 国家高技术研究发展计划基金资助项目 (30 1 1 3) |
| |
| 摘 要: | 以系统运行过程中出现的系统序列为依据,建立了一种柔性状态机模型,用以判断入侵行为,此模型既准确描述系统行为,又表现系统随机特征,此模型可以快速生成一个检测实例,满足不同应用环境的要求。
|
| 关 键 词: | 入侵检测模型 计算机安全 特权进程 系统调用序列 柔性状态机 入侵行为 |
| 文章编号: | 1671-4512(2003)01-0040-03 |
| 修稿时间: | 2002年5月22日 |
A flexible State-machine model for intrusion detection based on sequences of system calls |
| |
| Cui Guohua,Li Daowen.A flexible State-machine model for intrusion detection based on sequences of system calls[J].JOURNAL OF HUAZHONG UNIVERSITY OF SCIENCE AND TECHNOLOGY.NATURE SCIENCE,2003,31(1):40-42. |
| |
| Authors: | Cui Guohua Li Daowen |
| |
| Abstract: | Length fixed sequences of system calls are the "states"-the basic elements of the flexible State machine. There may be some direct or indirect consequential relations. Among these states, they can be reflected in the flexible State machine to some extent. Compared with the common detecting methods, it can be simply established. To improve the accuracy, the transition probabilities from one state to another were introduced in this model. A probability threshold on this model was worked out to discriminate between normal and abnormal operating behaviors. |
| |
| Keywords: | computer intrusion detection privileged process system calls sequences flexible State machine |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
