User masquerade intrusion detection method based on command closeness
Document type: Journal article
Authors | 王秀利 ; 王永吉 |
Journal | 电子学报 |
Publication date | 2014 |
Volume | 42; Issue: 6; Pages: 1225-1229 |
Keywords | anomaly detection; masquerader detection; command closeness; shell; host |
ISSN | 3722112 |
Alternative title | Masquerader detection based on command closeness model |
Corresponding author | Wang, Xiu-Li |
Chinese abstract | Based on users' historical command sequences in Unix systems, a user masquerade intrusion detection method based on a command closeness model is proposed. The method extracts a user's behavior patterns from the perspective of command combinations. Commands that a user frequently uses in combination show a close relationship; commands that are rarely used together show a distant relationship. A closeness matrix is generated from the user's historical command sequence with a sliding-window method. If a command block under test shows too low a closeness for that user, it is judged anomalous. Experiments show that the method has a low computational cost, detects well, and is highly real-time. |
English abstract | According to the history of command sequence in Unix system, an approach to masquerader detection based on the closeness model of command was proposed. The behavior patterns of user were extracted from the view of command combinations. Those commands combined frequently by users showed close relationship, and other commands exhibited loose relationship. Command closeness matrix was generated by the sliding window from the sequence of commands. If the command block to be detected exhibited a low closeness for the user, it was judged as abnormal. Experimental results show that a simple calculation, an accurate detection, and a high level of real-time can be achieved by using the proposed approach. |
Indexed by | EI |
Language | Chinese |
Date available | 2014-12-16 |
Source URL | [http://ir.iscas.ac.cn/handle/311060/16973] |
Collection | Institute of Software_Institute of Software Library_Journal Articles |
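Recommended citation GB/T 7714 | 王秀利,王永吉. User masquerade intrusion detection method based on command closeness[J]. 电子学报,2014,42(6):1225-1229. |
APA | 王秀利,&王永吉.(2014).User masquerade intrusion detection method based on command closeness.电子学报,42(6),1225-1229. |
MLA | 王秀利,et al."User masquerade intrusion detection method based on command closeness".电子学报 42.6(2014):1225-1229. |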
Ingest method: OAI harvest
Source: Institute of Software