Institutional Repository
| 基于命令紧密度的用户伪装入侵检测方法 | |
| Alternative Title | Masquerader detection based on command closeness model |
| 王秀利; 王永吉; Wang, Xiu-Li | |
| 2014 | |
| Source | 电子学报
 |
| ISSN | 3722112 |
| Volume | 42Issue:6Pages:1225-1229 |
| English Abstract | 根据Unix系统中用户的历史命令序列,提出一种基于命令紧密度模型的用户伪装入侵检测方法。该方法从命令组合的角度抽取用户的行为模式。用户经常组合使用的命令,表现出关系紧密;不常被一起使用的命令,表现出关系疏远。通过滑动窗口方法从用户的历史命令序列中生成紧密度矩阵。如果待检测的命令块对于该用户来说表现出紧密度过低,则判断为异常。实验表明该方法计算量小,检测效果好,而且具有很高的实时性。 According to the history of command sequence in Unix system ,an approach to masquerader detection based on the closeness model of command was proposed .The behavior patterns of user were extracted from the view of command combinations . Those commands combined frequently by users showed close relationship ,and other commands exhibited loose relationship .Com-mand closeness matrix was generated by the sliding window from the sequence of commands .If the command block to be detected exhibited a low closeness for the user ,it was judged as abnormal .Experimental results show that a simple calculation ,an accurate detection ,and a high level of real-time can be achieved by using the proposed approach . |
| Indexed Type | EI |
| Abstract | According to the history of command sequence in Unix system, an approach to masquerader detection based on the closeness model of command was proposed. The behavior patterns of user were extracted from the view of command combinations. Those commands combined frequently by users showed close relationship, and other commands exhibited loose relationship. Command closeness matrix was generated by the sliding window from the sequence of commands. If the command block to be detected exhibited a low closeness for the user, it was judged as abnormal. Experimental results show that a simple calculation, an accurate detection, and a high level of real-time can be achieved by using the proposed approach. |
| Keyword | 异常检测 伪装检测 命令紧密度 Shell 主机 Anomaly Detection Masquerader Detection Command Closeness Shell Host |
| Department | 中央财经大学信息学院,北京,100081 中国科学院软件研究所,北京,100190 |
| Language | 中文 |
| Content Type | 期刊论文 |
| URI | http://ir.iscas.ac.cn/handle/311060/16973 |
| Collection | 中国科学院软件研究所 |
| Corresponding Author | Wang, Xiu-Li |
| Recommended Citation GB/T 7714 | 王秀利,王永吉,Wang, Xiu-Li. 基于命令紧密度的用户伪装入侵检测方法[J]. 电子学报,2014,42(6):1225-1229. |
| APA | 王秀利,王永吉,&Wang, Xiu-Li.(2014).基于命令紧密度的用户伪装入侵检测方法.电子学报,42(6),1225-1229. |
| MLA | 王秀利,et al."基于命令紧密度的用户伪装入侵检测方法".电子学报 42.6(2014):1225-1229. |
| Files in This Item: | There are no files associated with this item. | |||||
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.
Edit Comment