基于核函数Fisher鉴别的异常入侵检测

周鸣争

基于核函数Fisher鉴别的异常入侵检测

周鸣争

计量
- 文章访问数: 2255
- HTML全文浏览量: 146
- PDF下载量: 925
- 被引次数: 0
出版历程
- 收稿日期: 2005-01-10
- 修回日期: 2005-06-21
- 刊出日期: 2006-09-19

An Anomaly Intrusion Detection Based on Kernel Fisher Discriminant

Zhou Ming-zheng

摘要

摘要: 将核函数方法引入入侵检测研究中，提出了一种基于核函数Fisher鉴别的异常入侵检测算法，用于监控进程的非正常行为。首先分析了核函数Fisher鉴别分类算法应用于入侵检测的可能性，然后具体描述了核函数Fisher鉴别算法在异构数据集下的推广，提出了基于核函数Fisher鉴别的异常入侵检测模型。并以Sendmail系统调用序列数据集为例，详细讨论了该模型的工作过程。最后将实验仿真结果与其它方法进行了比较，结果表明，该方法的检测效果优于同类的其它方法。
- 异常入侵检测; 核函数Fisher鉴别; 异构数据集; 系统调用
Abstract: Kernel method is introduced to intrusion detection and an anomaly intrusion detection method based on kernel Fisher discriminant is presented in this paper. This method is applied for monitoring the abnormal behavior of processes. Firstly, this paper presents the possible of kernel Fisher method applied to intrusion detection. Secondly, this paper descriptions the kernel Fisher algorithm is generalized for heterogeneous datasets. A model of anomaly intrusion detection based on kernel Fisher is given and the working process of this model is used with sendmail system call in detail discussion; Finally, the simulation result is compared with other methods, The measuring result of this method is superior to other similar methods .

HTML全文

参考文献(1)

Anup K Ghosh, Aaron Schwartzbard. A study in using neuralnetworks for anomaly and misuse detection. The 8th USENIX Security Symposium, Washington D C, 1999: 46-57.[2]Balajinath B, Raghavan S V. Intrusion detection through learning behavior model[J].Computer Communications.2001, 24(12):1202-1212[3]Jha S, Tan K, Maxion R A. Markov Chains, classifiers and intrusion detection. The 14th IEEE Computer Security Foundations Workshop, Canada, 2001: 206-215.[4]张箭, 龚俭. 一种基于模糊综合评判的入侵异常检测方法. 计算机研究与发展, 2003, 40(6): 776-782.[5]Fisher R A. The statistical utilization of multiple measurements. Annals of Eugenics, 1938, 6(8): 376-386.[6]Wilson D, Martinez R. Improved heterogeneous distance functions. Journal of Artificial Intelligence Research, 1997, 6(1): 1-34.[7]Lee W, Stolfo SJ. A data mining framework for building intrusion detection medel, In: Gorgl, Keiter M K, eds. Proceedings of He 1999 IEEE Symposium on Security and Privacy, Oakland, CA, IEEE Computer Society Press, 1999: 120-132.[8]Forrest S, Hofmeyr S A, et al.. A sense of self for unix process. In: Proceedings of 1996 IEEE Symposium on Computer Security and Privacy, Canada, 1996: 120-128.[9]Lee W, Stolfo S, Chan P. Learning patterns from unix process execution traces for intrusion detection. In: Proceeding of AAAI Workshop: AI Approaches to Fraud Detection and Risk Management, Washington D C, 1997: 191-197.

施引文献

资源附件(0)

访问统计