|
|||||
|
|
| 基于序列互相关特性和SVM的入侵检测研究 | |
| 引用本文: | 张小强,朱中梁,范平志,何明星.基于序列互相关特性和SVM的入侵检测研究[J].铁道学报,2007,29(3):113-117. |
| 作者姓名: | 张小强 朱中梁 范平志 何明星 |
| 作者单位: | 1. 西南交通大学,物流学院,四川,成都,610031;西南电子电讯技术研究所重点实验室,四川,成都,610041 2. 西南交通大学,物流学院,四川,成都,610031 3. 西华大学,数学与计算机学院,四川,成都,610039 |
| 摘 要: | 通过刻画特权进程的系统调用来进行入侵检测已被广泛研究,采用的大多是人工智能方法,如支持向量机、隐马尔可夫模型和神经网络等。针对这种基于人工智能的入侵检测系统,本文提出应用序列互相关特性选择训练数据的方法。序列的互相关特性是刻画序列之间的相互关系的重要手段,使用具有一定特性的序列来训练人工智能模型,可以提高入侵检测的效率。在本文中,使用了支持向量机(SVM)来评价序列的互相关特性在模型训练中的作用。实验仿真说明,这种方法可以有效的提高入侵检测率。 |
| 关 键 词: | 支持向量机 互相关性 系统调用 入侵检测 |
| 文章编号: | 1001-8360(2007)03-0113-05 |
| 修稿时间: | 2005-09-282006-01-04 |
Intrusion Detection Based on SVM and Cross-correlation of Sample Sequences |
|
| ZHANG Xiao-qiang,ZHU Zhong-liang,FAN Ping-zhi,HE Ming-xing.Intrusion Detection Based on SVM and Cross-correlation of Sample Sequences[J].Journal of the China railway Society,2007,29(3):113-117. | |
| Authors: | ZHANG Xiao-qiang ZHU Zhong-liang FAN Ping-zhi HE Ming-xing |
| Abstract: | The intrusion detection using system call sequences has been widely studied.This kind of intrusion detection is usually based on the artificial intelligence,such as SVM(the support vector machine),HMM(the hidden markov model) and NN(the neural network).For this kind of intelligent intrusion detection system,the training dataset is important to the performance of the IDS.Applying cross-correlation to select the training data set can greatly improve the performance of the intrusion detection system.Cross-correlation is defined as a kind of important properties among system call sequences.In this paper,a new method based on the cross-correlation sample and SVM is proposed.This method is evaluated by the system call data set from Prof.Forrest.The simulation results show that this method has better intrusion detection rates. |
| Keywords: | SVM cross-correlation system call intrusion detection |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! | |