Computer Applications and Software (计算机应用与软件), 2012, Vol. 29, Issue (8): 1-4, 24, 5.
A HOST ANOMALY DETECTION METHOD BASED ON LDA MODEL (基于LDA模型的主机异常检测方法)
Abstract
Intrusion detection based on host system call sequences is a security detection technique that analyses host system call data sets to find intrusions. Its key problem is how to extract the characteristics of system call sequences accurately and then classify them. To address this, this paper introduces the LDA (Latent Dirichlet Allocation) text mining model to build a new intrusion detection classification algorithm. The method treats short sequences of system calls as words and uses the LDA model to extract topic characteristics of the system call sequence. These are combined with the frequency characteristics of system calls, and the kNN (k-Nearest Neighbor) classification algorithm is used for anomaly detection. The method is evaluated on the 1998 DARPA data set; the results show that it improves the accuracy of intrusion detection and reduces the false alarm rate.
Keywords
Anomaly detection / System call / LDA model
Classification
Information Technology and Security Science
Cite this article
He Xi (贺喜), Jiang Jianchun (蒋建春), Ding Liping (丁丽萍), Wang Yongji (王永吉), Liao Xiaofeng (廖晓峰). A host anomaly detection method based on LDA model [J]. Computer Applications and Software, 2012, 29(8): 1-4, 24, 5.
Funding
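Major Program of the National Natural Science Foundation of China (91124001)
"Core Electronic Devices, High-end Generic Chips and Basic Software" (核高基) Major Special Project for Basic Software (2010ZX01036-001-002)
Important Direction Project of the Knowledge Innovation Program of the Chinese Academy of Sciences (KGCX2-YW-125)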