计算机应用与软件2011,Vol.28Issue(8):90-92,96,4.
基于自适应学习的Rootkit检测模型
A ROOTKIT DETECTION MODEL BASED ON ADAPTIVE LEARNING
摘要
Abstract
The anomaly behaviour-based Rootkit detection depends on the selection of behaviour and the completeness of the behaviour pattern database at present. In light of this, A Rootkit detection model based on adaptive learning is proposed. The model analyses the behaviours of Rootkit detected by fuzzy behavioural recognition detector, extracts new Rootkit behaviour characteristics using the learning mechanism to constantly improve the behaviour pattern database, and dynamically calculates the support on Rootkit detection by each behaviour for adaptively updating the detection weights of every behavioural characteristic and to achieve the detection on unknown Rootkits. Experiment results show that the model is able to well detect Rootkit with unnoticeable impact on system performance.关键词
Rootkit/自适应学习/行为特征/模糊识别Key words
Rootkit Adaptive learning Behavioural characteristics Fuzzy recognition分类
信息技术与安全科学引用本文复制引用
程春玲,张登银,高德华..基于自适应学习的Rootkit检测模型[J].计算机应用与软件,2011,28(8):90-92,96,4.基金项目
国家高技术研究发展计划(2007AA701302,2008 AA70 1202). (2007AA701302,2008 AA70 1202)
