[1] Gu Shengwei, Song Rushun. Research on Technology of Intrusion Detection Based on Markov Model With Time Stamp[J]. Journal of Nanjing Normal University (Engineering and Technology), 2008, 08(01): 080-83.

Research on Technology of Intrusion Detection Based on Markov Model With Time Stamp

Journal of Nanjing Normal University (Engineering and Technology) [ISSN:1006-6977/CN:61-1281/TN]

Volume:
Vol. 08
Issue:
2008, No. 01
Pages:
080-83
Section:
Publication date:
2008-03-30

Article Info

Title:
Research on Technology of Intrusion Detection Based on Markov Model With Time Stamp
Author(s):
Gu Shengwei; Song Rushun
School of Mathematics and Computer Science, Nanjing Normal University, Nanjing 210097, Jiangsu, China
Keywords:
IDS; Markov model; system call; time stamp; anomaly detection
Classification number:
TP393.08
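Abstract (translated from the Chinese):
Intrusion detection is an important technology for safeguarding network security. Building on an improvement of the LPMC algorithm, this paper proposes the LPMCST (Linear Prediction and Markov Chain With Time Stamp) algorithm. LPMCST uses time stamps as labels and performs training and detection on the system call sequences of privileged processes in segments. Particularly when the system call sequences fluctuate strongly, this lets the model better reflect the real-time state of the system, so that the false positive rate and false negative rate are further reduced and detection accuracy is improved while the advantages of the original algorithm are retained.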
Abstract:
Intrusion detection is an important approach for protecting network security. In this paper, we propose a new algorithm, LPMCTS (Linear Prediction and Markov Chain with Time Stamp), which is based on LPMC. LPMCTS employs time stamps to mark the system call sequences of the privileged processes during training and detection. It reflects the real-time state of the system better than LPMC, especially in fluctuating situations, so that we get a lower false negative rate and false positive rate and improve the success probability of detection while keeping the advantages of the original algorithm.


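Memo

Funding: Supported by the national "Tenth Five-Year Plan" "211 Project" construction fund (181070H901).
About the author: Gu Shengwei (1982-), master's student; research interest: information network security and secrecy technology. E-mail: gushengwei0328@163.com
Corresponding author: Song Rushun (1953-), professor; research interest: information network security and secrecy technology. E-mail: rssong@njnu.edu.cn
Last Update: 2013-04-24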