Abstract: Building on a multilayer-perceptron neural network classifier and a Bayesian classifier based on probabilistic prediction, this paper presents a method for classifying the short system call sequences that describe process behavior, in order to identify whether the system calls made during the execution of key programs on the monitored system are normal. It also studies the problem of monitoring the execution of multiple key system programs, and proposes a prototype intrusion detection system (IDS) based on process behavior classification. According to the system configuration, the prototype can monitor the execution of multiple key system programs at the same time.
Key words:
Process behavior,
Neural network,
Bayesian classifier,
Intrusion detection system (IDS)
WU Yu; LU Xiaojun. Design of Intrusion Detection Systems Based on Process Behavior[J]. Computer Engineering, 2007, 33(03): 160-162.