Acta Electronica Sinica ›› 2006, Vol. 34 ›› Issue (10): 1809-1811.


An Anomaly Detection Model Based on Process Behavior

SU Pu-rui, FENG Deng-guo

  1. State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100080
  • Received: 2005-12-20 Revised: 2006-04-10 Online: 2006-10-25 Published: 2006-10-25

An Anomaly Intrusion Detection Model Based on Nonhierarchical Clustering

SU Pu-rui, FENG Deng-guo   

  1. State Key Laboratory of Information Security, Institute of Software, Chinese Academy of Sciences, Beijing 100080, China
  • Received: 2005-12-20 Revised: 2006-04-10 Online: 2006-10-25 Published: 2006-10-25

Abstract: Attacks that exploit system vulnerabilities are currently the main threat to computer security. This paper proposes an anomaly detection model based on process behavior. The model introduces a vector-space similarity calculation algorithm and the concept of inverse process frequency, distinguishing the different contributions that individual system calls make to the definition of normal behavior and thereby improving the accuracy of that definition. Because the anomalies caused by an intrusion are localized, the model's detection algorithm uses a local analysis algorithm, which lowers the false alarm rate.

Keywords: intrusion detection, anomaly detection, nonhierarchical clustering

Abstract: More and more intruders exploit vulnerabilities in systems and applications to break into them. This paper introduces an anomaly intrusion detection model that analyzes process behavior. It adopts a vector-space similarity calculation method and introduces a parameter that weights each system call by its power to discriminate between process behaviors. Taking into account the characteristics of the abnormalities caused by intrusions, the detection algorithm analyzes traces locally.
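The abstract names three ingredients but gives no formulas: a vector-space similarity between system-call frequency vectors, an "inverse process frequency" weight that lets rare system calls count for more than ubiquitous ones, and a detection step that scores short local segments of a trace rather than the whole trace. The following Python example is added here to make those ideas concrete; it is not code from the paper, and the specific choices are assumptions: the weight `ipf(s) = ln((1+N)/(1+df(s))) + 1` is an IDF-style formula, similarity is cosine similarity against each normal process profile, and the "local analysis" is a fixed-size sliding window. The system-call traces are constructed sample data, not measurements.

```python
import math
from collections import Counter

# Constructed system-call traces of processes observed during normal operation
# (sample data, not from the paper). Each entry is one process's behaviour.
NORMAL_TRACES = {
    "httpd-1": ["read", "write", "mmap", "read", "write", "close", "open", "read", "write", "close"],
    "httpd-2": ["open", "read", "write", "read", "write", "mmap", "read", "write", "close", "read"],
    "sshd-1":  ["open", "read", "write", "ioctl", "read", "write", "close", "open", "read", "close"],
}

# Constructed trace under monitoring: ten calls that look like httpd, followed by a
# five-call segment with calls never seen in any normal profile.
MONITORED = ["open", "read", "write", "read", "write", "mmap", "read", "write", "close", "read",
             "execve", "setuid", "socket", "connect", "execve"]


def inverse_process_frequency(traces):
    """Return ipf(s): a weight that grows as fewer normal processes use call s.

    Assumed IDF-style formula: ipf(s) = ln((1 + N) / (1 + df(s))) + 1, where N is the
    number of normal processes and df(s) the number whose trace contains s.
    A call seen in every process gets exactly 1.0; a call never seen gets the most.
    """
    n = len(traces)
    df = Counter()
    for trace in traces.values():
        df.update(set(trace))          # count each call once per process

    def ipf(syscall):
        return math.log((1 + n) / (1 + df[syscall])) + 1.0
    return ipf


def weighted_vector(trace, ipf):
    """Vector-space representation: call frequency scaled by inverse process frequency."""
    return {s: c * ipf(s) for s, c in Counter(trace).items()}


def cosine(u, v):
    """Cosine similarity of two sparse vectors held as dicts."""
    dot = sum(u[k] * v[k] for k in u.keys() & v.keys())
    nu = math.sqrt(sum(x * x for x in u.values()))
    nv = math.sqrt(sum(x * x for x in v.values()))
    return dot / (nu * nv) if nu and nv else 0.0


def build_profiles(traces):
    """Learn the weight function and one weighted vector per normal process."""
    ipf = inverse_process_frequency(traces)
    return ipf, [weighted_vector(t, ipf) for t in traces.values()]


def similarity_to_normal(segment, ipf, profiles):
    """Highest similarity of a segment to any learned normal profile."""
    return max(cosine(weighted_vector(segment, ipf), p) for p in profiles)


def detect_local(trace, ipf, profiles, window=5, stride=5, threshold=0.5):
    """Score each window separately; a window below the threshold is anomalous.

    Returns (start_index, score, flagged) per window, so the alarm points at the
    offending segment instead of condemning the whole trace.
    """
    report = []
    for start in range(0, len(trace) - window + 1, stride):
        score = similarity_to_normal(trace[start:start + window], ipf, profiles)
        report.append((start, round(score, 3), score < threshold))
    return report


IPF, PROFILES = build_profiles(NORMAL_TRACES)


def global_score():
    """Whole-trace similarity, for contrast with the local windows."""
    return similarity_to_normal(MONITORED, IPF, PROFILES)


def local_report():
    return detect_local(MONITORED, IPF, PROFILES)


if __name__ == "__main__":
    print("whole-trace similarity:", round(global_score(), 3))
    for start, score, flagged in local_report():
        print(f"window@{start:2d} score={score:.3f} {'ANOMALY' if flagged else 'normal'}")
```

Running it shows why the local step matters: the two normal windows score above 0.87, the injected window scores 0.0 and is flagged, yet the whole-trace similarity is still about 0.65. Scoring the entire trace dilutes a short anomaly with the surrounding normal activity, so a global detector would need a much tighter threshold to catch it, and a tighter threshold is exactly what produces false alarms on ordinary traces.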

Key words: intrusion detection, anomaly detection, nonhierarchical clustering

CLC number: