| 模糊窗口Markov链在IDS中的应用 |
| |
| 引用本文: | 赵文刚,钟乐海,张娅,杨金,邹海洋.模糊窗口Markov链在IDS中的应用[J].计算机应用,2008,28(6):1398-1400. |
| |
| 作者姓名: | 赵文刚 钟乐海 张娅 杨金 邹海洋 |
| |
| 作者单位: | 1. 西华师范大学,计算机学院,四川,南充,637002
2. 西南交通大学,信息科学与技术学院,成都,610031 |
| |
| 摘 要: | 针对传统的基于静态Markov模型的前提假设(t+1时刻系统状态的转移概率分布只与t时刻的状态有关,与t时刻以前的状态无关)带来较大误差的不足,提出了一种新的窗口Markov链方法,并且在窗口Markov模型中引入模糊度量。实验验证该模型对正常行为和异常行为具有很好的区分度,且计算快捷,适用于实时检测。
|
| 关 键 词: | 异常检测 Markov链 系统调用 模糊 |
| 文章编号: | 1001-9081(2008)06-1398-03 |
| 收稿时间: | 2007-12-07 |
| 修稿时间: | 2007年12月7日 |
Application of fuzzy window Markov chain in IDS |
| |
| ZHAO Wen-gang,ZHONG Le-hai,ZHANG Ya,YANG Jin,ZOU Hai-yang.Application of fuzzy window Markov chain in IDS[J].journal of Computer Applications,2008,28(6):1398-1400. |
| |
| Authors: | ZHAO Wen-gang ZHONG Le-hai ZHANG Ya YANG Jin ZOU Hai-yang |
| |
| Affiliation: | ZHAO Wen-gang1,ZHONG Le-hai1,ZHANG Ya2,YANG Jin1,ZOU Hai-yang11.College of Computer Science,China West Normal University,Nanchong Sichuan 637002,China,2.College of Information Science , Technology,Southwest Jiaotong University,Chengdu Sichuan 610031 |
| |
| Abstract: | The traditional static Markov model is based on such premise of assumptions as transition probability distribution of system mode of t+1 moment is only interrelated with the state at time t but not with that before time t, which brings big error. Therefore, a new window Markov chain was put forward, and fuzzy measure was introduced into it. The experiment confirms that this model has a good discrimination to the normal behavior and the unusual behavior, and has a faster calculation speed, and it is suitable for the on-line detection. |
| |
| Keywords: | anomaly detection Markov chain system call fuzzy |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《计算机应用》浏览原始摘要信息 |
|
点击此处可从《计算机应用》下载全文 |
|
