Abstract: More and more intruders exploit vulnerabilities in systems and applications to break into them. This paper introduces an anomaly intrusion detection model that analyzes process behavior. It presents a similarity calculation method based on vector space, and it introduces a parameter that measures how well each system call differentiates process behaviors. Given the characteristics of the abnormalities caused by intrusions, the detection algorithm uses local analysis.
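A sketch of the three ideas named in the abstract, added here as an illustration and not taken from the paper: the IDF-style weight, cosine similarity, the window size and step, the threshold, and the sample traces are all assumptions, since the abstract does not give the paper's formulas or data.

```python
import math
from collections import Counter

# Constructed sample syscall traces (not data from the paper).
NORMAL_TRACES = [
    ["open", "read", "read", "write", "close", "open", "read", "write", "close"],
    ["open", "read", "write", "write", "close", "open", "read", "read", "close"],
    ["stat", "open", "read", "write", "close", "open", "read", "write", "close"],
]
SUSPECT_TRACE = ["open", "read", "write", "close", "open", "read",
                 "mprotect", "execve", "socket", "connect", "write", "close"]

def windows(trace, size, step):
    """Local analysis (assumed form): overlapping windows, so a short anomaly is not diluted."""
    last = max(len(trace) - size, 0)
    return [trace[i:i + size] for i in range(0, last + 1, step)]

def call_weights(normal_windows):
    """Assumed weight: IDF-style, a call present in every normal window discriminates least."""
    n = len(normal_windows)
    df = Counter(c for w in normal_windows for c in set(w))
    return {c: math.log(1 + n / d) for c, d in df.items()}

def vectorize(window, weights, unseen):
    """Weighted call-frequency vector; calls never seen in training get the largest weight."""
    return {c: k * weights.get(c, unseen) for c, k in Counter(window).items()}

def cosine(a, b):
    """Vector-space similarity between two sparse vectors stored as dicts."""
    dot = sum(v * b.get(c, 0.0) for c, v in a.items())
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0

def detect(trace, normal_traces, size=6, step=2, threshold=0.6):
    """Return (offset, best similarity to any normal window, flagged) for each window."""
    normal = [w for t in normal_traces for w in windows(t, size, step)]
    weights = call_weights(normal)
    unseen = math.log(1 + len(normal))  # weight of a call with document frequency 1
    profile = [vectorize(w, weights, unseen) for w in normal]
    results = []
    for i, w in enumerate(windows(trace, size, step)):
        best = max(cosine(vectorize(w, weights, unseen), p) for p in profile)
        results.append((i * step, round(best, 3), best < threshold))
    return results

if __name__ == "__main__":
    for offset, score, flagged in detect(SUSPECT_TRACE, NORMAL_TRACES):
        print(offset, score, "ANOMALOUS" if flagged else "ok")
```

Scoring each window separately is what lets the first, benign window of the suspect trace pass while the windows containing calls absent from the normal profile are flagged.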
SU Pu-rui; FENG Deng-guo. An Anomaly Detection Model Based on Process Behavior [J]. Acta Electronica Sinica, 2006, 34(10): 1809-1811.
SU Pu-rui; FENG Deng-guo. An Anomaly Intrusion Detection Model Based on Nonhierarchical Clustering. Chinese Journal of Electronics, 2006, 34(10): 1809-1811.