[1] LI Qian-mu, QI Yong, ZHANG Hong, et al. Research on Method for Obtaining Action Character Based on IIDS [J]. Journal of Nanjing University of Science and Technology (Natural Science), 2004, (02): 140-144.

Research on Method for Obtaining Action Character Based on IIDS

Journal of Nanjing University of Science and Technology (Natural Science) [ISSN: 1005-9830 / CN: 32-1397/N]

Volume:
Issue:
2004, No. 02
Pages:
140-144
Column:
Publication date:
2004-04-30

Article information

Title:
Research on Method for Obtaining Action Character Based on IIDS
Authors (Chinese):
李千目, 戚湧, 张宏, 刘凤玉
Department of Computer Science and Technology, Nanjing University of Science and Technology, Nanjing 210094, Jiangsu, China
Author(s):
LI Qian-mu, QI Yong, ZHANG Hong, LIU Feng-yu
Department of Computer Science and Technology, NUST, Nanjing 210094, China
Keywords (Chinese):
免疫入侵检测系统; 粗集; 神经网络
Keywords:
immunological intrusion detection system; rough sets; neural network
CLC number:
TP393.08
Abstract (translated from the Chinese):
To address the poor generalization ability of current intrusion detection systems when little prior knowledge is available, and drawing on the immune principle, a peptide chain is defined as a sequence of system calls and parameter segments executed by privileged processes in the operating system. Based on generalized suffix trees, rough sets and neural network theory, a new behavior-feature extraction method for an immune intrusion detection model is proposed, which effectively solves the acquisition of behavior features and the construction of the knowledge base. The method is designed with an independent and complete feature database, which improves the robustness and scalability of the detection system; high-frequency behavior patterns are analyzed and processed first, which improves detection speed. The method not only removes rules that lower detection efficiency but also generates a stronger subset of rules. Experimental results show the effectiveness of the method and the efficiency of detection.
Abstract (original English):
The generalizing ability of current IDS (Intrusion Detection System) is poor when less prior knowledge is given. According to the immunology principle of bionics, a new method for obtaining action character in IIDS is presented, which is based on generalized suffix tree, rough set and neural network. In this paper, short sequences of system calls and parameters executed by privileged procedures are viewed as analogous to peptides. The characteristics of this method are as follows: 1. the feature databases are independent and complete, which improves the robustness and flexibility of the system; 2. behavior patterns with higher frequency are analyzed and processed first, which improves the speed and the effectiveness of intrusion detection; 3. the rules that degrade the effectiveness of the system are deleted and replaced by better rules. Experiments show that the proposed method is practical and efficient.


Memo:
Funding: National Natural Science Foundation of China (60273137); Applied Basic Research Fund of the Commission of Science, Technology and Industry for National Defense.
About the author: LI Qian-mu (born 1979), male, from Nanjing, Jiangsu; PhD candidate; main research interests: network performance and information security. E-mail: liqianmu@126.com.
Last update: 2013-03-11