| 贝叶斯树算法在异常入侵检测中的应用 |
| |
| 引用本文: | 李永忠,赵博,杨鸽,徐静.贝叶斯树算法在异常入侵检测中的应用[J].江苏科技大学学报(社会科学版),2008,22(1):52-56. |
| |
| 作者姓名: | 李永忠 赵博 杨鸽 徐静 |
| |
| 作者单位: | 江苏科技大学,电子信息学院,江苏,镇江,212003;江苏科技大学,电子信息学院,江苏,镇江,212003;江苏科技大学,电子信息学院,江苏,镇江,212003;江苏科技大学,电子信息学院,江苏,镇江,212003 |
| |
| 基金项目: | 江苏省教育厅资助项目
,
江苏科技大学资助项目 |
| |
| 摘 要: | 研究了Windows平台下异常检测方法,提出了一种利用Windows Native API调用序列和基于贝叶斯树算法的主机服务进程规则与对应概率分布生成算法。根据长为N-1的Windows Native API调用序列预测第N个调用的概率分布,对生成的概率序列用U检验方法作为异常检测算法。以贝叶斯树作为弱分类算法,利用AdaBoost-M1方法构造多个基于贝叶斯树的概率分布序列,并按一定方式把它们组合成一个加强的概率分布序列进行入侵检测。实验结果表明这种方法能明显提高模型预测能力。
|
| 关 键 词: | 入侵检测 Windows Native API 贝叶斯树 AdaBoost-M1 |
| 文章编号: | 1673-4807(2008)01-0052-05 |
| 修稿时间: | 2006年5月15日 |
Application of Bayesian Tree Algorithm to Anomaly Intrusion Detection |
| |
| LI Yongzhong,ZHAO Bo,YANG Ge,XU Jing.Application of Bayesian Tree Algorithm to Anomaly Intrusion Detection[J].Journal of Jiangsu University of Science and Technology:Natural Science Edition,2008,22(1):52-56. |
| |
| Authors: | LI Yongzhong ZHAO Bo YANG Ge XU Jing |
| |
| Abstract: | The anomaly intrusion detection algorithm on Windows platform is studied.With the Windows Native API sequence,a host process rule and the corresponding probability distribution are presented as a normal model based on the Bayesian tree algorithm.With the test sequence,the probability distribution of the nth native API from the preceding N-1 native API is predicted by using the U-test method for the anomaly intrusion detection algorithm.Moreover,the AdaBoost-M1 algorithm is used to construct a series of probability distribution sequences based on the Bayesian tree algorithm.At last,a final probability distribution based on the boosted combination of the probability distribution sequences is formed,which can be applied to the intrusion detection.Experiment results proved a good prediction performance with this model. |
| |
| Keywords: | intrusion detection Windows Native API Bayesian tree AdaBoost-M1 |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
