Computer Engineering and Applications ›› 2008, Vol. 44 ›› Issue (20): 118-120.DOI: 10.3778/j.issn.1002-8331.2008.20.036

• Network, Communication, Security •

Research on system call sequence audit based on genetic algorithm

WANG Wen-qi (1), DONG Zhi-yong (1), SHI Xing-jian (2)

  1. College of Computer Science, Zhongyuan University of Technology, Zhengzhou 450007, China
  2. Tianjin Education Examinations Authority, Tianjin 300387, China
  • Received: 2008-02-21  Revised: 2008-05-05  Online: 2008-07-11  Published: 2008-07-11
  • Contact: WANG Wen-qi

Research on system call sequence audit based on genetic algorithm (Chinese-language record)

王文奇 (1), 董智勇 (1), 史兴键 (2)

  1. College of Computer Science, Zhongyuan University of Technology, Zhengzhou 450007
  2. Tianjin Education Examinations Authority, Tianjin 300387
  • Corresponding author: 王文奇 (WANG Wen-qi)

Abstract: After analyzing existing audit algorithms based on system calls, an Audit Algorithm Based on Genetic algorithm (AABG) is proposed in this paper. The system calls of running processes are intercepted according to the requirements of the genetic algorithm. During auditing, the audit rules are evolved by the genetic algorithm, so that unknown attacks can be analyzed. At the same time, the wildcards in the rules can greatly reduce the number of audit rules, which improves the efficiency of the audit. Finally, the relation between the number of wildcards and the credibility on one side, and the number of rules and the accuracy on the other, is analyzed.

Key words: system call, Genetic Algorithm, wildcard, credibility

Abstract (translated from the Chinese): Building on an analysis of existing approaches that detect intrusions by analyzing system call sequences, this paper proposes a system call sequence audit algorithm based on a genetic algorithm. The algorithm first intercepts system calls from the processes running on the system and generates system call sequences, then evolves them with a genetic algorithm in order to audit the call sequences of unknown attacks. Using wildcards in the algorithm's rules can greatly reduce the number of audit rules and thus improve the running efficiency of the audit system. Finally, the influence of the number of wildcards and of the credibility (trust level) on the number of rules and on accuracy is analyzed.

Keywords: system call, genetic algorithm, wildcard, credibility (trust level)
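As an added illustration of the ideas in the abstract (not code from the paper), a small genetic algorithm evolves wildcard rules over fixed-length windows of system call names: a rule's fitness is its coverage of the normal traces, a rule whose credibility (the fraction of matched traces that are normal) falls below a threshold scores zero, and lowering that threshold lets a rule with more wildcards cover the same traces with fewer rules at the cost of also matching attack traces. The traces, the rule encoding and the fitness function are constructed assumptions; the paper's own are not on the page.

```python
import random

WILDCARD = "*"

# Constructed training windows (system call names); not data from the paper.
NORMAL = [("open", "read", "read", "close"), ("open", "read", "write", "close"),
          ("open", "fstat", "read", "close"), ("open", "read", "mmap", "close")]
ATTACK = [("open", "read", "execve", "close"), ("socket", "connect", "execve", "close")]

def matches(rule, seq):
    """A rule matches a window of equal length when every non-wildcard position agrees."""
    return len(rule) == len(seq) and all(r in (WILDCARD, s) for r, s in zip(rule, seq))

def wildcards(rule):
    """Number of wildcard positions: more wildcards means fewer rules but looser matching."""
    return rule.count(WILDCARD)

def credibility(rule, normal, attack):
    """Fraction of the matched training windows that are normal (1.0 = never matches an attack)."""
    hits = [s for s in normal + attack if matches(rule, s)]
    return sum(s in normal for s in hits) / len(hits) if hits else 0.0

def fitness(rule, normal, attack, min_cred):
    """Assumed fitness: coverage of the normal windows, zeroed when credibility is below min_cred."""
    if credibility(rule, normal, attack) < min_cred:
        return 0.0
    return sum(matches(rule, s) for s in normal) / len(normal)

def mutate(rule, normal, rng):
    """Flip one position between a wildcard and a concrete call seen at that position in training."""
    i, r = rng.randrange(len(rule)), list(rule)
    r[i] = WILDCARD if r[i] != WILDCARD else rng.choice([s[i] for s in normal])
    return tuple(r)

def crossover(a, b, rng):
    """One-point crossover of two equal-length rules."""
    cut = rng.randrange(1, len(a))
    return a[:cut] + b[cut:]

def evolve(normal, attack, min_cred=1.0, generations=40, pop_size=12, seed=7):
    """Evolve one audit rule. The exact normal windows seed the population, so elitism keeps the
    best fitness from ever dropping below that of a wildcard-free rule."""
    rng = random.Random(seed)
    pop = list(normal)
    for _ in range(generations):
        pop.sort(key=lambda r: fitness(r, normal, attack, min_cred), reverse=True)
        elite = pop[:pop_size // 2]
        pop = elite + [mutate(crossover(rng.choice(elite), rng.choice(elite), rng), normal, rng)
                       for _ in range(pop_size - len(elite))]
    return max(pop, key=lambda r: fitness(r, normal, attack, min_cred))
```

Calling `evolve(NORMAL, ATTACK, min_cred=1.0)` never returns a rule that matches an attack window, while `fitness(("open", "*", "*", "close"), NORMAL, ATTACK, 0.8)` shows how relaxing the threshold lets a single two-wildcard rule cover all four normal windows.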