Computer Engineering and Applications (计算机工程与应用), 2008, Vol. 44, Issue (35): 92-94. DOI: 10.3778/j.issn.1002-8331.2008.35.027

• Networking, Communications and Security •

Study of system call anomaly detection model

ZHANG Zhi-li (张志利), HE Ju-hou (何聚厚)

  1. School of Computer Science, Shaanxi Normal University, Xi'an 710062, China
  • Received: 2008-07-22  Revised: 2008-10-17  Online: 2008-12-11  Published: 2008-12-11
  • Contact: ZHANG Zhi-li

Abstract: The sequence of system calls that an application issues reflects its run-time behaviour, so monitoring system calls can be used for anomaly detection. The existing approach of this kind, STIDE (Sequence Time-Delay Embedding), builds a comparatively large pattern database. This paper presents a system call anomaly detection method based on a genetic algorithm. A sliding window first divides the system call trace into short sequences of fixed length (the basic short sequences produced by the STIDE algorithm); a genetic algorithm then learns from these short sequences to build the pattern set; and test data are checked against that pattern set with single-pattern incomplete matching. Compared with the existing algorithm, the contribution is a smaller pattern set. Experimental results show that the method achieves good detection performance.

Key words: anomaly detection, genetic algorithm, short sequence of system calls
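As an added worked example (not code from the paper or its authors), the following Python shows the two stages of the pipeline the abstract describes that can be reproduced from the page alone: the sliding-window split of a system call trace into fixed-length short sequences, and detection of a test trace against a pattern set with tolerant matching. The traces are constructed toy data; the window length k = 4, the mismatch tolerance d = 1, the locality-frame width and the alert threshold are assumed values; and the genetic-algorithm compression of the pattern set is replaced by plain de-duplication, so the learning contribution of the paper is not reproduced here. "Single-pattern incomplete matching" is interpreted as accepting a window whose Hamming distance to at least one stored pattern is at most d, which is one reading of the abstract rather than a detail the page confirms.

```python
"""Sliding-window system-call anomaly detection with tolerant matching.

Added example, not code from the paper. Traces are constructed toy data;
WINDOW, MAX_MISMATCH, LFC_WINDOW and LFC_THRESHOLD are assumed values.
The genetic-algorithm learning step from the abstract is replaced here
by plain de-duplication of the short sequences seen in normal runs.
"""
from typing import Iterable, List, Sequence, Set, Tuple

Window = Tuple[str, ...]

WINDOW = 4          # assumed: length k of each short sequence
MAX_MISMATCH = 1    # assumed: tolerance d for "incomplete" matching
LFC_WINDOW = 8      # assumed: locality frame (consecutive windows scored together)
LFC_THRESHOLD = 3   # assumed: alert when >= 3 anomalous windows fall in one frame

# Constructed sample traces of a toy file-copy style program (normal runs).
NORMAL_TRACES: List[List[str]] = [
    ["open", "fstat", "mmap", "read", "read", "write", "close"],
    ["open", "fstat", "mmap", "read", "write", "write", "close"],
    ["open", "read", "write", "close", "open", "read", "write", "close"],
]
# Constructed: a benign variation (one extra read) never seen during training.
VARIANT_NORMAL_TRACE = ["open", "fstat", "mmap", "read", "read", "read", "write", "close"]
# Constructed: the same program diverging into a shell-spawn / connect-back pattern.
ATTACK_TRACE = ["open", "fstat", "mmap", "read", "setuid", "execve", "dup2", "socket", "connect"]


def short_sequences(trace: Sequence[str], k: int = WINDOW) -> List[Window]:
    """Slide a width-k window one call at a time over a trace (STIDE-style)."""
    if len(trace) < k:
        return []
    return [tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)]


def build_pattern_set(normal_traces: Iterable[Sequence[str]], k: int = WINDOW) -> Set[Window]:
    """Collect the distinct short sequences observed in normal runs.

    The paper shrinks this set with a genetic algorithm; here the set is
    simply de-duplicated so the detection stage can be shown end to end.
    """
    patterns: Set[Window] = set()
    for trace in normal_traces:
        patterns.update(short_sequences(trace, k))
    return patterns


def hamming(a: Window, b: Window) -> int:
    """Number of positions at which two equal-length windows differ."""
    return sum(x != y for x, y in zip(a, b))


def min_distance(window: Window, patterns: Set[Window]) -> int:
    """Smallest Hamming distance from a window to any stored pattern."""
    best = len(window)
    for pattern in patterns:
        d = hamming(window, pattern)
        if d < best:
            best = d
            if best == 0:
                break
    return best


def detect(trace: Sequence[str], patterns: Set[Window], k: int = WINDOW,
           max_mismatch: int = MAX_MISMATCH, lfc_window: int = LFC_WINDOW,
           lfc_threshold: int = LFC_THRESHOLD) -> Tuple[List[bool], int, bool]:
    """Score a test trace against the pattern set.

    Returns (per-window anomaly flags, peak locality-frame count, alert).
    A window is anomalous when no pattern matches it within max_mismatch
    positions; an alert fires when some frame of lfc_window consecutive
    windows holds at least lfc_threshold anomalous ones, so one unusual
    window (e.g. a benign variation) does not by itself raise an alarm.
    """
    flags = [min_distance(w, patterns) > max_mismatch
             for w in short_sequences(trace, k)]
    peak = max((sum(flags[i:i + lfc_window]) for i in range(len(flags))), default=0)
    return flags, peak, peak >= lfc_threshold


if __name__ == "__main__":
    db = build_pattern_set(NORMAL_TRACES)
    print(f"pattern set: {len(db)} short sequences of length {WINDOW}")
    for name, trace in [("variant", VARIANT_NORMAL_TRACE), ("attack", ATTACK_TRACE)]:
        flags, peak, alert = detect(trace, db)
        print(f"{name}: anomalous windows={sum(flags)} peak frame count={peak} alert={alert}")
```

With these settings the benign variant trace produces no anomalous windows, because each of its windows is within one mismatch of a stored pattern, while the attack trace produces four consecutive anomalous windows once the trace leaves the read/write loop, which exceeds the frame threshold and raises an alert. Tightening MAX_MISMATCH to 0 turns the method back into exact STIDE matching and flags the variant trace as well, which is the false-positive cost that tolerant matching is meant to avoid.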