
Computer Engineering, 2008, Vol. 34, Issue 8: 138-140. doi: 10.3969/j.issn.1000-3428.2008.08.048

• Security Technology •

Frequency-sensitive Abnormal Detection Algorithm in Security Audit System

LUO Jun (罗隽), DING Li (丁力), PAN Zhi-song (潘志松), HU Gu-yu (胡谷雨), NI Gui-qiang (倪桂强)

  1. (Institute of Command Automation, PLA University of Science and Technology, Nanjing 210007)
  • Online: 2008-04-20 Published: 2008-04-20


Abstract: Traditional anomaly detection algorithms based on system call sequences concentrate on the length of the windows into which a trace is cut and ignore how much the frequency with which each sequence occurs contributes to the overall detection result. This paper proposes a support vector data description (SVDD) anomaly detection algorithm that is sensitive to sequence frequency: the occurrence frequency of a sequence defines the importance of that sample, so that the classifier is biased toward these important samples. The method is tested on international standard data sets, and the influence of the kernel parameter on the classification result is discussed. The experimental results show that, compared with the traditional detection model, the model based on sequence occurrence frequency has a lower false positive rate, and that adjusting the kernel parameter can lower it further.

Keywords: security audit, intrusion detection system, support vector data description, one-class classifier
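The abstract describes the method only at a high level, so the following is an added, simplified illustration of the idea; it is not the authors' code and not their exact formulation. A system-call trace is cut into fixed-length windows, each distinct window's share of all windows is its importance weight, and a kernel data description is built around the weighted windows. What is implemented is a frequency-weighted kernel centroid with an RBF kernel over positional mismatches between windows; this coincides with the SVDD dual solution only in the limiting case in which each sample's penalty bound C_i equals its frequency weight and the bounds sum to 1, so that every window is a bounded support vector. The two traces, the kernel, the window length k = 3, gamma = 1 and the radius rule (largest training distance) are all assumptions made for the example.

```python
"""Frequency-weighted kernel description of system-call windows (added example)."""
from collections import Counter
from math import exp
from typing import Dict, List, Sequence, Tuple

NGram = Tuple[str, ...]

# Constructed traces (assumption: not taken from any real audit log or data set).
NORMAL_TRACE = ["open", "read", "read", "write", "close"] * 4 + ["open", "read", "close"]
ATTACK_TRACE = ["open", "read", "read", "write", "close",
                "execve", "socket", "connect", "write", "close"]


def extract_ngrams(trace: Sequence[str], k: int) -> List[NGram]:
    """Slide a window of length k over the trace; one window per position."""
    return [tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)]


def frequency_weights(ngrams: List[NGram]) -> Dict[NGram, float]:
    """Importance of a distinct window = its share of all windows (sums to 1)."""
    counts = Counter(ngrams)
    total = sum(counts.values())
    return {g: c / total for g, c in counts.items()}


def hamming(a: NGram, b: NGram) -> int:
    """Number of positions at which two equal-length windows differ."""
    return sum(x != y for x, y in zip(a, b))


def kernel(a: NGram, b: NGram, gamma: float) -> float:
    """Assumed RBF-style kernel on positional mismatch; k(a, a) = 1."""
    return exp(-gamma * hamming(a, b))


class FrequencyWeightedDescription:
    """Sphere in kernel feature space whose centre is the frequency-weighted
    mean of the training windows: centre = sum_i w_i * phi(x_i)."""

    def __init__(self, gamma: float = 1.0) -> None:
        self.gamma = gamma
        self.support: List[NGram] = []
        self.alpha: List[float] = []
        self.centre_norm_sq = 0.0  # sum_ij alpha_i alpha_j k(x_i, x_j)
        self.radius_sq = 0.0

    def fit(self, normal_trace: Sequence[str], k: int) -> "FrequencyWeightedDescription":
        weights = frequency_weights(extract_ngrams(normal_trace, k))
        self.support = list(weights)
        self.alpha = [weights[g] for g in self.support]
        self.centre_norm_sq = sum(
            ai * aj * kernel(xi, xj, self.gamma)
            for ai, xi in zip(self.alpha, self.support)
            for aj, xj in zip(self.alpha, self.support))
        # Radius rule (assumed): the farthest training window sits on the boundary,
        # so no window of the training trace is flagged. Tighten it to trade FP for FN.
        self.radius_sq = max(self.distance_sq(g) for g in self.support)
        return self

    def distance_sq(self, z: NGram) -> float:
        """||phi(z) - centre||^2 = k(z,z) - 2 sum_i alpha_i k(z,x_i) + ||centre||^2."""
        cross = sum(a * kernel(z, x, self.gamma) for a, x in zip(self.alpha, self.support))
        return 1.0 - 2.0 * cross + self.centre_norm_sq

    def is_anomalous(self, z: NGram) -> bool:
        return self.distance_sq(z) > self.radius_sq + 1e-12

    def scan(self, trace: Sequence[str], k: int) -> List[NGram]:
        """Windows of a trace that fall outside the description."""
        return [g for g in extract_ngrams(trace, k) if self.is_anomalous(g)]


def demo(k: int = 3, gamma: float = 1.0) -> Dict[str, object]:
    """Fit on the normal trace, then scan both traces."""
    model = FrequencyWeightedDescription(gamma).fit(NORMAL_TRACE, k)
    farthest = max(model.support, key=model.distance_sq)
    return {
        "training_false_positives": len(model.scan(NORMAL_TRACE, k)),
        "farthest_training_window": farthest,
        "attack_windows_flagged": model.scan(ATTACK_TRACE, k),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

On the constructed traces the one rare normal window (open, read, close) ends up farthest from the weighted centre and therefore defines the radius, while the five frequent windows sit well inside it; every window of the attack trace that contains one of the unseen calls lands outside. gamma is the kernel parameter the abstract refers to: as it shrinks, all windows look alike and the sphere accepts almost anything, and as it grows only exact matches to a training window count, which is what moves the false alarm rate.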
