计算机工程与应用 ›› 2007, Vol. 43 ›› Issue (15): 140-143.

• 网络、通信与安全 • 上一篇    下一篇

基于支持向量方法和击键序列的主机入侵检测

刘志才,彭 宏,邓 爽,赵毓高   

  1. 西华大学 数学与计算机学院,成都 610039
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2007-05-21 发布日期:2007-05-21
  • 通讯作者: 刘志才

Host-based intrusion detection based on support vector approach and keystroke sequences

LIU Zhi-cai,PENG Hong,DENG Shuang,ZHAO Yu-gao   

  1. School of Mathematics & Computer Science,Xihua University,Chengdu 610039,China
  • Received:1900-01-01 Revised:1900-01-01 Online:2007-05-21 Published:2007-05-21
  • Contact: LIU Zhi-cai

PDF

摘要: 击键特征是一种能反映用户行为的动态特征,可作为识别用户的信息源。传统方法不仅要求收集大量击键样本来建立识别模型,并且同时需要正例样本与反例样本。但在实际应用中,需要用户提供大量的训练样本是不现实的,并且反例样本收集比正例样本收集困难。为此,提出一种新的以击键序列为信息源的主机入侵检测模型。在小样本和仅有正例的情况下,通过One-Class支持向量机(OCSVM)来训练检测模型,通过对用户的击键行为是否偏离正常模型来检测入侵。仿真实验结果表明该模型具有较好的检测效果。

关键词: 击键特征, 入侵检测, 身份认证, One-Class支持向量机

Abstract:

The keystroke sequences are dynamic behaviors which can be used to measure users’ characteristics,so it has many advantages to indicate users in system.Previous work in this area has shown the keystroke sequences as a real possibility to authenticate a user,but it needs a large user’s and imposter’s data set to establish a keystroke detection model,that’s impossible in practice,otherwise,it is more difficult to get imposter’s patterns than normal user’s.In this paper,we present an anomaly detection model based on keystroke sequences,by using OCSVM algorithm,it only needs a few owner’s patterns to establish an anomaly detection model.Experimental results show that the OCSVM algorithm is promising.

Key words: keystroke characteristics, intrusion detection, identity authentication, OCSVM

京ICP备13024262号-1
Copyright © 《计算机工程与应用》编辑部
技术支持:北京玛格泰克科技发展有限公司
总访问量
今日访问
在线人数