Detecting network intrusions by data mining and variable-length sequence pattern matching

Source: Journal of Systems Engineering and Electronics (English edition)
Anomaly detection has been an active research topic in the field of network intrusion detection for many years. A novel method is presented for anomaly detection based on system calls into the kernels of Unix or Linux systems. The method uses a data mining technique to model the normal behavior of a privileged program and uses a variable-length pattern matching algorithm to compare the current behavior with historical normal behavior, which is more suitable for this problem than the fixed-length pattern matching algorithm proposed by Forrest et al. At the detection stage, the particularity of the audit data is taken into account, and two alternative schemes can be used to distinguish between normal behavior and intrusions. The method gives attention to both computational efficiency and detection accuracy and is especially applicable to on-line detection. The performance of the method is evaluated using the typical testing data set, and the results show that it is significantly better than the anomaly detection method based on hidden Markov models proposed by Yan et al. and the method based on fixed-length patterns proposed by Forrest and Hofmeyr. The novel method has been applied to practical host-based intrusion detection systems and achieved high detection performance.