
高技术通讯 (Chinese High Technology Letters), 2012, Vol. 22, Issue 9: 897-903, 7. DOI: 10.3772/j.issn.1002-0470.2012.09.002

An intrusion detection method for host systems based on behavior correlation

Wang Yinglong¹, Li Jingchun², Wang Shaojie², Suo Yanfeng³, Liang Li², Guo Ruilong¹

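Author information

  • 1. School of Software, Jiangxi Agricultural University, Nanchang 330045
  • 2. National Research Center for Information Technology Security, Beijing 100084
  • 3. School of Information Engineering, University of Science and Technology Beijing, Beijing 100083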

Abstract

A method for detecting intrusions by analyzing host behavior and behavior correlation is proposed. The method can efficiently detect malicious software that is embedded with anomalous code, and can be applied to behavior-based intrusion detection systems (IDS). By mining the characteristics of normal and anomalous host behaviors, a way to build a Markov model of the relationships among meta-behaviors and a method to detect intrusions are given. With them, the feasibility and scalability of the proposed method are enhanced, and the storage space is reduced. The experimental results show that the missed-detection rate, the false-detection rate and the update efficiency of the method are better than those of existing methods, although it needs more time to train on datasets.

Key words

correlation analysis, host system, intrusion detection systems (IDS)

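Cite this article

Wang Yinglong, Li Jingchun, Wang Shaojie, Suo Yanfeng, Liang Li, Guo Ruilong. An intrusion detection method for host systems based on behavior correlation [J]. 高技术通讯 (Chinese High Technology Letters), 2012, 22(9): 897-903, 7.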

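Funding

Supported by the Information Security Special Project of the National Development and Reform Commission (发改办高技[2010]3044号) and the International Cooperation Program of the Jiangxi Provincial Department of Science and Technology (2009BHB15100).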

高技术通讯 (Chinese High Technology Letters)

Indexing: OA, Peking University Core Journals (北大核心), CSCD, CSTPCD

ISSN 1002-0470
