COMPUTER ENGINEERING
2010, Issue 5, pp. 10-11, 14 (3 pages)
statistical language models; system calls; intrusion detection
To address the high cost in practical use of intrusion detection methods based on system call sequences, a low-time-cost intrusion detection algorithm is proposed on the basis of the STIDE method. An N-gram model is used to analyze the regularities of system call sequences, the contribution of each system call is computed, the system calls that best reflect the user's normal behavior are extracted, and a normal pattern library is built to perform anomaly detection. Experimental results show that the algorithm reduces the number of short system call sequences used in training and detection by 70% while keeping the detection rate from declining.
Existing intrusion detection methods based on sequences of system calls incur a large overhead when constructing the normal profile. To reduce the computing cost, an efficient algorithm using statistical language models is proposed based on STIDE. The system calls that can represent the characteristics of normal behavior are extracted by an N-gram method. The improved algorithm extracts the most relevant sequences of system calls. Experimental results demonstrate that the computing cost of the improved algorithm is reduced by 70% compared with the standard one, with no degradation of the detection rate or the false positive rate.