检索结果-南通市图书馆

A Method for Anomaly Detection of User Behaviors Based on Machine Learning

The Journal of China Universities of Posts and Telecommunications 2006年第2期13卷 61-65,78页

作者： TIAN Xin-guang GAO Li-zhi SUN Chun-lai DUAN Mi-yi ZHANG Er-yang School of Electronic Science and Engineering National University of Defense Technology Changsha 410073 P.R. China Department of Electronic Engineering Tsinghua University Beijing 100084 P.R. China Research Institute of Beijing Capitel Group Corporation Beijing 100016 P.R. China Institute of Computing Technology Beijing Jiaotong University Beijing 100029 P.R. China

This paper presents a new anomaly detection method based on machine learning. Applicable to host-based intrusion detection .systems, this method uses shell commands as audit data. The method employs shell command sequences of different lengths to characterize behavioral patterns of a network user, and constructs multiple sequence libraries to represent the user＇s normal behavior profile. In the detection stage, the behavioral patterns in the audit data are mined by a sequence-matching algorithm, and the similarities between the mined patterns and the historical profile are evaluated. These similarities are then smoothed with sliding windows, and the smoothed similarities are used to determine whether the monitored user＇s behaviors are normal or anomalous. The results of our experience show the method can achieve higher detection accuracy and .shorter detection time than the instance-based method presented by Lane T. The method has been successfully applied in practical host-based intrusion detection systems.

关键词： intrusion detection machine learning anomaly detection shell command

来源：

维普期刊数据库

同方期刊数据库评论

在线全文

学校读者我要写书评

暂无评论

Anomaly detection of user behavior based on DTMC with states of variable-length sequences

引用

The Journal of China Universities of Posts and Telecommunications 2011年第6期18卷 106-115页

作者： XIAO Xi XIA Shu-tao TIAN Xin-guang ZHAI Qi-bin Graduate School at Shenzhen Tsinghua University Shenzhen 518055 China State Key Laboratory of Information Security Graduate University of Chinese Academy of Sciences Beijing 100049 China Key Laboratory of Network Science and Technology Institute of Computing Technology Chinese Academy of Sciences Beijing 100190 China

In anomaly detection, a challenge is how to model a user＇s dynamic behavior. Many previous works represent the user behavior based on fixed-length models. To overcome their shortcoming, we propose a novel method based on discrete-time Markov chains （DTMC） with states of variable-length sequences. The method firstly generates multiple shell command streams of different lengths and combines them into the library of general sequences. Then the states are defined according to variable-length behavioral patterns of a valid user, which improves the precision and adaptability of user profiling. Subsequently the transition probability matrix is created. In order to reduce computational complexity, the classification values are determined only by the transition probabilities, then smoothed with sliding windows, and finally used to discriminate between normal and abnormal behavior. Two empirical evaluations on datasets from Purdue University and AT＆T Shannon Lab show that the proposed method can achieve higher detection accuracy and require less memory than the other traditional methods.

关键词： intrusion detection anomaly detection shell command discrete-time Markov chain (DTMC)

来源：

维普期刊数据库

同方期刊数据库评论

在线全文

学校读者我要写书评

暂无评论

欢迎您,

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

在线全文

在线全文

请选择保存的检索档案：

请选择收藏分类：

通借通还

欢迎您,

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

在线全文

在线全文

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：