Institutional Repository of the Institute of Software, Chinese Academy of Sciences
Title: User masquerade intrusion detection method based on command closeness
Alternative Title: Masquerader detection based on command closeness model
Author: 王秀利 ; 王永吉
Corresponding Author: Wang, Xiu-Li
Keyword: anomaly detection ; masquerader detection ; command closeness ; shell ; host
Source: 电子学报
Issued Date: 2014
Volume: 42, Issue: 6, Pages: 1225-1229
Indexed Type: EI
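Department: School of Information, Central University of Finance and Economics, Beijing 100081; Institute of Software, Chinese Academy of Sciences, Beijing 100190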
Abstract: Based on users' historical command sequences in Unix systems, a user masquerade intrusion detection method built on a command closeness model is proposed. The method extracts a user's behavior patterns from the perspective of command combinations. Commands that a user frequently uses in combination show a close relationship; commands that are rarely used together show a distant relationship. A closeness matrix is generated from the user's historical command sequence with a sliding-window method. If a command block under test shows too low a closeness for that user, it is judged to be anomalous. Experiments show that the method has a low computational cost, good detection performance, and high real-time capability.
English Abstract: According to the history of command sequence in Unix system, an approach to masquerader detection based on the closeness model of command was proposed. The behavior patterns of user were extracted from the view of command combinations. Those commands combined frequently by users showed close relationship, and other commands exhibited loose relationship. Command closeness matrix was generated by the sliding window from the sequence of commands. If the command block to be detected exhibited a low closeness for the user, it was judged as abnormal. Experimental results show that a simple calculation, an accurate detection, and a high level of real-time can be achieved by using the proposed approach.
Language: Chinese
Content Type: Journal article
URI: http://ir.iscas.ac.cn/handle/311060/16973
Appears in Collections: Institute of Software Library, Journal Articles

Files in This Item:

There are no files associated with this item.


Recommended Citation:
王秀利,王永吉. 基于命令紧密度的用户伪装入侵检测方法[J]. 电子学报,2014-01-01,42(6):1225-1229.
Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Copyright © 2007-2020 Institute of Software, Chinese Academy of Sciences