| 用改进的权值树进行入侵检测 |
| |
| 引用本文: | 翟素兰,郑诚,乐毅.用改进的权值树进行入侵检测[J].微机发展,2004,14(12):62-64. |
| |
| 作者姓名: | 翟素兰 郑诚 乐毅 |
| |
| 作者单位: | 安徽大学计算机科学与技术学院,安徽大学计算机科学与技术学院,安徽大学计算机科学与技术学院 安徽合肥230039,安徽合肥230039,安徽合肥230039 |
| |
| 基金项目: | 安徽省教育厅自然科学基金资助项目(2002kj009) |
| |
| 摘 要: | 提出了一种使用系统调用序列检测入侵的新算法。算法对权值树作了一定的改进,首先使用正常序列生成权值树森林,随后对权值树作了基于海明距离的剪枝,保留了主要的正常序列。在检测过程中扫描异常调用序列,通过权值树得到对应的权值序列,同时注意了经验的利用和更新。使用这种结构不仅可以检测是否出现异常,而且能满足实时性的要求。实验取得了理想的结果。
|
| 关 键 词: | 入侵检测 异常检测 权值树 海明距离 剪枝 |
| 文章编号: | 1005-3751(2004)12-0062-03 |
| 修稿时间: | 2004年4月20日 |
Intrusion Detection Using the Improved Weight Tree |
| |
| ZHAI Su-lan,ZHENG Cheng,YUE Yi.Intrusion Detection Using the Improved Weight Tree[J].Microcomputer Development,2004,14(12):62-64. |
| |
| Authors: | ZHAI Su-lan ZHENG Cheng YUE Yi |
| |
| Abstract: | An improved method for anomaly intrusion detection is brought forward in this paper. The data structure is the weight tree improved based on hamming distance. Firstly, build the normal weight tree forest using normal system calls trace. Secondly, prune off some branches based on hamming distance, and the frequent sequences of system calls remain. During intrusion detecting, scan abnormal trace using the normal weight tree and get corresponding weight sequence, on which make decision whether it is abnormal or not. At the same time pay attention to making good use of experience and updating experience. The method not only can detect intrusion but also can work in real live network environment. |
| |
| Keywords: | intrusion detection anomaly detection weight tree hamming distance prune |
| 本文献已被 CNKI 维普 等数据库收录! |
