Institutional Repository
| 基于LDA模型的主机异常检测方法 | |
| Alternative Title | a host anomaly detection method based on lda model |
| 贺喜; 蒋建春; 丁丽萍; 王永吉; 廖晓峰 | |
| 2012 | |
| Source | Computer Applications and Software
 |
| ISSN | 1000-386X |
| Volume | 29Issue:8Pages:1-4,24 |
| English Abstract | 基于系统调用序列的入侵检测是分析主机系统调用数据进而发现入侵的一种安全检测技术,其关键技术是如何能够更准确地抽取系统调用序列的特征,并进行分类。 为此,引进LDA(Latent Dirichlet Allocation)文本挖掘模型构建新的入侵检测分类算法。该方法将系统调用短序列视为word,利用LDA模型提取进程系统调用序列的主题特征,并 结合系统调用频率特征,运用kNN(k-Nearest Neighbor)分类算法进行异常检测。针对DAPRA数据集的实验结果表明,该方法提高了入侵检测的准确度,降低了误报率。 |
| Indexed Type | CSCD ; WANFANG ; CNKI |
| Abstract | The technique of intrusion detection based on sequence of host system call is a security detection technique mainly focusing on analysing the data set of host system call and further finding the intrusion.Its key technology relies on how to extract the characteristics of system call sequence more accurately and then followed by classification.In this paper,aiming at this,LDA(Latent Dirichlet Allocation) text mining model is introduced to build a new intrusion detection classification algorithm.In this method,topic characteristics of system call sequence are extracted using LDA model which the short sequence of system call is regarded by the method as word.Combined with the frequency characteristics of system calls,kNN(k-Nearest Neighbor) classification algorithm is used for anomaly detection.Experiment is evaluated on 1998 DAPRA data set,the result shows that the method improves the accuracy of intrusion detection,and reduces the false alarm rate. |
| Keyword | 异常检测 系统调用 Lda模型 |
| Department | 贺喜 中国科学院软件研究所 基础软件国家工程研究中心 北京 100190 中国. 蒋建春 中国科学院软件研究所 基础软件国家工程研究中心 北京 100190 中国. 丁丽萍 中国科学院软件研究所 基础软件国家工程研究中心 北京 100190 中国. 王永吉 中国科学院软件研究所 基础软件国家工程研究中心 北京 100190 中国. 廖晓峰 中国科学院软件研究所 基础软件国家工程研究中心 北京 100190 中国. |
| Subject | Computer Science (Provided By Thomson Reuters) |
| Sponsorship | 国家自然科学基金重大项目; 核高基基础软件重大专项; 中国科学院知识创新工程重要方向项目 |
| Language | 中文 |
| CSCD ID | CSCD:4603429 |
| Content Type | 期刊论文 |
| URI | http://ir.iscas.ac.cn/handle/311060/15028 |
| Collection | 中国科学院软件研究所 |
| Recommended Citation GB/T 7714 | 贺喜,蒋建春,丁丽萍,等. 基于LDA模型的主机异常检测方法[J]. Computer Applications and Software,2012,29(8):1-4,24. |
| APA | 贺喜,蒋建春,丁丽萍,王永吉,&廖晓峰.(2012).基于LDA模型的主机异常检测方法.Computer Applications and Software,29(8),1-4,24. |
| MLA | 贺喜,et al."基于LDA模型的主机异常检测方法".Computer Applications and Software 29.8(2012):1-4,24. |
| Files in This Item: | There are no files associated with this item. | |||||
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.
Edit Comment