Masquerader Detection Based on Command Closeness Model

WANG Xiu-li; WANG Yong-ji

doi:10.3969/j.issn.0372-2112.2014.06.029

您当前的位置：

首页 >

文章列表页 >

Masquerader Detection Based on Command Closeness Model

更新时间：2025-07-16

- Masquerader Detection Based on Command Closeness Model
- Acta Electronica Sinica Vol. 42, Issue 6, Pages: 1225-1229(2014)
- 作者机构：
  
  1. 中央财经大学信息学院,北京,100081
  2. 中国科学院软件研究所,北京,100190
  3. 中央财经大学信息学院,北京,100081
  4. 中国科学院软件研究所,北京,100190
- 作者简介：
- 基金信息：
- DOI：10.3969/j.issn.0372-2112.2014.06.029
  CLC： TP393.08
- Published：2014
- 稿件说明：
移动端阅览
WANG Xiu-li, WANG Yong-ji. Masquerader Detection Based on Command Closeness Model[J]. Acta Electronica Sinica, 2014, 42(6): 1225-1229.
DOI：

WANG Xiu-li, WANG Yong-ji. Masquerader Detection Based on Command Closeness Model[J]. Acta Electronica Sinica, 2014, 42(6): 1225-1229. DOI： 10.3969/j.issn.0372-2112.2014.06.029.

摘要

根据Unix系统中用户的历史命令序列，提出一种基于命令紧密度模型的用户伪装入侵检测方法.该方法从命令组合的角度抽取用户的行为模式.用户经常组合使用的命令，表现出关系紧密;不常被一起使用的命令，表现出关系疏远.通过滑动窗口方法从用户的历史命令序列中生成紧密度矩阵.如果待检测的命令块对于该用户来说表现出紧密度过低，则判断为异常.实验表明该方法计算量小，检测效果好，而且具有很高的实时性.

Abstract

According to the history of command sequence in Unix system

an approach to masquerader detection based on the closeness model of command was proposed.The behavior patterns of user were extracted from the view of command combinations.Those commands combined frequently by users showed close relationship

and other commands exhibited loose relationship.Command closeness matrix was generated by the sliding window from the sequence of commands.If the command block to be detected exhibited a low closeness for the user

it was judged as abnormal.Experimental results show that a simple calculation

an accurate detection

and a high level of real-time can be achieved by using the proposed approach.

关键词

Keywords

references

Views

下载量

CSCD

Alert me when the article has been cited

提交

Tools

Publicity Resources

Variable Horizon Multi-Directional Scanning Method for Time Series Anomaly Detection

Unsupervised Image Anomaly Detection Based on Constrained BidiRectional Distillation

A Vehicle Trajectory Anomaly Detection Method Based on Noise Label Re-Weighting

A Survey of Network Attack Investigation Based on Provenance Graph

Improved Adaptive Model Pools for Online Anomaly Detection Algorithms

Related Author

WEI Song-jie

GUAN Yong-yuan

HUANG Yu-zhe

TANG Jin-hui

XING Peng

LI Ze-chao

LI Bo

BI Jing-ping

Related Institution

School of Computer Science and Engineering, School of Cyber Science and Engineering, Nanjing University of Science and Technology

School of Computer Science and Engineering, Nanjing University of Science and Technology

Institute of Computing Technology, Chinese Academy of Sciences

University of Chinese Academy of Sciences

NSFOCUS Technologies Group Co., Ltd

⁰