Computer Engineering, 2007, Vol. 33, Issue (03): 160-162. doi: 10.3969/j.issn.1000-3428.2007.03.058

• Security Technology •

Design of Intrusion Detection Systems Based on Process Behavior

WU Yu, LU Xiaojun   

  1. (Communication School of Anhui University, Hefei 230051)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2007-02-05 Published: 2007-02-05

Abstract: Building on a neural network classifier based on the multilayer perceptron and a Bayesian classifier based on probability prediction, this paper presents a method for classifying the short sequences of system calls that describe system process behavior, in order to identify whether the system calls made during the execution of key programs on the monitored system are normal. It also studies the problem of monitoring the execution of multiple key system programs and proposes a prototype intrusion detection system (IDS) based on process behavior classification. According to the system configuration, the prototype can monitor the execution of multiple key system programs at the same time.

Key words: Process behavior, Neural network, Bayesian classifier, IDS