| 基于变长系统调用序列模式的入侵检测方法研究 |
| |
| 引用本文: | 李永忠,徐静,赵博,杨鸽.基于变长系统调用序列模式的入侵检测方法研究[J].江苏科技大学学报(社会科学版),2007,21(3):36-41. |
| |
| 作者姓名: | 李永忠 徐静 赵博 杨鸽 |
| |
| 作者单位: | 江苏科技大学,电子信息学院,江苏,镇江,212003;江苏科技大学,电子信息学院,江苏,镇江,212003;江苏科技大学,电子信息学院,江苏,镇江,212003;江苏科技大学,电子信息学院,江苏,镇江,212003 |
| |
| 基金项目: | 江苏省教育厅、江苏科技大学资助课题 |
| |
| 摘 要: | 提出了一种变长序列模式的寻找算法,从训练序列中找出一组基本相对独立的变长序列模式,并在模式集的更新过程中自动定义了模式间的前后次序关系,以此构建了一个描述进程执行模式的DFA。针对已有基于变长序列模式的模式匹配算法需要向前预测若干个系统调用号的缺点,设计了一个更好的模式匹配算法。实验结果表明,算法在模式寻找过程中是稳定的,并在保持小规模模式集的情况下,取得了很低的误报率和漏报率。
|
| 关 键 词: | 入侵检测 系统调用 模式匹配 变长序列模式 |
| 文章编号: | 1673-4807(2007)03-0036-06 |
| 修稿时间: | 2006-04-10 |
Intrusion Detection Using Variable-length System Call Pattern |
| |
| LI Yongzhong,XU Jing,ZHAO Bo,YANG Ge.Intrusion Detection Using Variable-length System Call Pattern[J].Journal of Jiangsu University of Science and Technology:Natural Science Edition,2007,21(3):36-41. |
| |
| Authors: | LI Yongzhong XU Jing ZHAO Bo YANG Ge |
| |
| Institution: | School of Electronics and Information, Jiangsu University of Science and Technology, Zhenjiang Jiangsu 212003, China |
| |
| Abstract: | A new algorithm for the variable-length pattern from system call sequences is proposed.It is the way to present a novel simple technique to build a table of variable-length patterns from the training system call sequences,so as to find out a set of basic and relatively independent variable-length patterns.With this me-thod,all the possible relationships between the variable-length patterns are found out.An exact DFA representation of the program is constructed,and an evaluation scheme is proposed for the variable-length patterns.The experimental results indicate that this algorithm can generate a relative small set of patterns,and obtain very low false positives and false negatives. |
| |
| Keywords: | intrusion detection system call pattern matching variable-length pattern |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
