Acta Electronica Sinica (电子学报), 2011, Vol. 39, Issue 5: 1199-1204, 6.
Masquerade Detection Based on Shell Commands and High-Order Markov Chain Models
Abstract
Masquerade attacks are attempts by unauthorized users to gain access to confidential data or greater access privileges while pretending to be legitimate users. This paper proposes a novel method to distinguish legitimate users from masqueraders. The uncertainty of the user's behavior and the relevance of the order in which shell commands are issued are thoroughly considered. The method constructs specific high-order homogeneous Markov chain models to represent the normal behavior profiles of valid users. It defines the states by a twofold hierarchical merging of shell commands. This increases the accuracy with which the normal behavior profiles are described, improves the generalization of the detection system and sharply reduces the storage space. In the detection period, taking real-time performance into account, it computes categorical boolean variables using only the transition probabilities, which requires little computation, and then smoothes them to obtain the decision values used to determine whether the monitored user's behavior is normal or anomalous. Its performance is tested in computer simulation, showing higher detection accuracy and lower computation cost than related methods. The proposed method is especially suitable for on-line detection.
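The abstract describes the pipeline only in outline: merge shell commands into states, fit a high-order Markov chain per user, turn each observed transition into a boolean "improbable or not" using the transition probability alone, and smooth the booleans into a decision value. The following Python sketch is an added example written for this page; it is not the paper's code or data. Everything the abstract leaves unspecified is an assumption here: the two-level merge table, the order k=2, additive (Laplace-style) smoothing, treating a k-gram context never seen in training as having zero probability, a sliding-window mean as the smoother, and the thresholds. The training and test command traces are constructed.

```python
"""Masquerade detection with an order-k Markov chain over merged shell-command states.

Added example, not the paper's code. Assumed: merge tables, k=2, additive smoothing,
zero probability for an unseen context, sliding-window mean smoother, thresholds.
"""
from collections import Counter, defaultdict

# Level 1 (assumed table): collapse aliases and variants onto a canonical command.
LEVEL1 = {"ll": "ls", "la": "ls", "vim": "vi", "nvim": "vi", "python3": "python", "gcc": "cc"}
# Level 2 (assumed table): group canonical commands into functional categories;
# these categories, plus OTHER for anything unknown, are the Markov chain states.
LEVEL2 = {
    "ls": "LIST", "cd": "NAV", "pwd": "NAV",
    "cat": "VIEW", "less": "VIEW", "more": "VIEW",
    "vi": "EDIT", "nano": "EDIT",
    "make": "BUILD", "cc": "BUILD", "python": "RUN",
    "sudo": "PRIV", "su": "PRIV", "chmod": "PERM", "chown": "PERM",
    "scp": "NET", "ssh": "NET", "curl": "NET", "wget": "NET",
}
ALPHABET = sorted(set(LEVEL2.values()) | {"OTHER"})


def to_state(cmd):
    """Twofold merge: alias -> canonical command -> category state."""
    return LEVEL2.get(LEVEL1.get(cmd, cmd), "OTHER")


class HighOrderMarkovProfile:
    """Homogeneous order-k Markov chain: P(s_t | s_{t-k}, ..., s_{t-1})."""

    def __init__(self, order=2, alpha=0.5):
        self.order = order
        self.alpha = alpha                  # additive smoothing constant (assumed)
        self.counts = defaultdict(Counter)  # k-state context -> Counter of next state

    def fit(self, commands):
        states = [to_state(c) for c in commands]
        for i in range(self.order, len(states)):
            self.counts[tuple(states[i - self.order:i])][states[i]] += 1
        return self

    def transition_prob(self, context, nxt):
        row = self.counts.get(context)
        if row is None:
            return 0.0  # context never observed for this user: no support at all
        total = sum(row.values())
        return (row[nxt] + self.alpha) / (total + self.alpha * len(ALPHABET))

    def anomaly_flags(self, commands, p_min):
        """One categorical boolean per transition: 1 if the transition is improbable."""
        states = [to_state(c) for c in commands]
        return [
            1 if self.transition_prob(tuple(states[i - self.order:i]), states[i]) < p_min else 0
            for i in range(self.order, len(states))
        ]


def smooth(flags, window):
    """Sliding-window mean of the boolean flags (partial window at the start)."""
    return [sum(flags[max(0, i - window + 1):i + 1]) / min(i + 1, window)
            for i in range(len(flags))]


def detect(profile, commands, p_min=0.05, window=5, threshold=0.5):
    """Return (is_masquerade, decision_values) for a monitored command trace."""
    scores = smooth(profile.anomaly_flags(commands, p_min), window)
    return (max(scores) > threshold if scores else False), scores


# Constructed training sessions for one legitimate user (a developer's habits).
SESSION_A = ["cd", "ll", "vim", "make", "python3", "ls"]
SESSION_B = ["cd", "ls", "cat", "vi", "make", "ll"]
TRAINING = (SESSION_A + SESSION_B) * 10

# Constructed test traces: the same habits vs. a clearly different behaviour profile.
NORMAL_TEST = ["cd", "ls", "vi", "make", "python", "ls",
               "cd", "ls", "cat", "vi", "make", "ls",
               "cd", "ls", "vi", "make", "python", "ls"]
MASQUERADE_TEST = ["cd", "ls", "sudo", "chown", "chmod", "scp", "wget", "curl", "ssh"]


def build_demo_profile():
    return HighOrderMarkovProfile(order=2, alpha=0.5).fit(TRAINING)


if __name__ == "__main__":
    profile = build_demo_profile()
    for name, trace in (("normal", NORMAL_TEST), ("masquerade", MASQUERADE_TEST)):
        flagged, scores = detect(profile, trace)
        print(f"{name}: masquerade={flagged} decision={[round(s, 2) for s in scores]}")
```

Two design points carry the abstract's argument. Merging commands into a small state alphabet is what keeps the order-k transition table small (here at most 10^k rows rather than one per distinct command k-gram) and lets aliases such as `vim`/`vi` count as the same behaviour. Scoring each step as a boolean from a single table lookup, then averaging over a window, is what makes the decision cheap enough for on-line use; the window also stops a single unusual command from raising an alarm on its own, since the decision value only crosses the threshold after several consecutive improbable transitions.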
Key words: network security / masquerade attack / intrusion detection / shell command / anomaly detection / high-order Markov chain
Classification: information technology and security science

Citation: Xiao Xi (肖喜), Zhai Qibin (翟起滨), Tian Xinguang (田新广), Chen Xiaojuan (陈小娟), Ye Runguo (叶润国). Masquerade Detection Based on Shell Commands and High-Order Markov Chain Models [J]. Acta Electronica Sinica, 2011, 39(5): 1199-1204, 6.

Funding:
National High Technology Research and Development Program of China (863 Program) (No. 2006AA01Z452)
National 242 Information Security Program (No. 2005C39)