Applying probabilistic suffix tree to intrusion detection

doi:10.3778/j.issn.1002-8331.2010.23.022

Computer Engineering and Applications ›› 2010, Vol. 46 ›› Issue (23): 79-81.DOI: 10.3778/j.issn.1002-8331.2010.23.022

• 网络、通信、安全 • Previous Articles Next Articles

Applying probabilistic suffix tree to intrusion detection

ZHENG Qi^1，2，JIANG Sheng-yi²，TANG Yong¹

1.Sun Yat-sen College of Medical Science，Sun Yat-sen University，Guangzhou 510080，China
2.School of Informatics，Guangdong University of Foreign Studies，Guangzhou 510006，China

Received:2009-05-12 Revised:2009-07-29 Online:2010-08-11 Published:2010-08-11
Contact: ZHENG Qi

概率后缀树在入侵检测中的应用研究

郑琪^1，2，蒋盛益²，汤庸¹

1.中山大学中山医学院，广州 510080
2.广东外语外贸大学信息科学与技术学院，广州 510006

通讯作者: 郑琪

Abstract

Abstract: System call trace is one of the behavior characters of system process.Each system call of the trace depends on a few previous system calls.Thus，probabilistic suffix tree is used to model the system call trace，and capture the probabilistic characteristic of the system call.Two definitions of abnormal metric are given.When detecting the abnormal trace，train the PST with normal system call traces，and then calculate the abnormal metric of each trace，which is used to compare with a given limit.Experiment shows that this measurement can well distinct normal process from abnormal process.

Key words: intrusion detect, system call trace, probabilistic suffix tree

摘要： 系统调用序列能够反映系统进程的行为特征。而系统调用序列中每个调用的出现都与它之前出现的若干个调用相关。因此可以利用概率后缀树（PST）对系统调用序列建模，反映系统调用基于上下文的概率特性。提出了系统调用序列异常度的定义。在进行序列的异常检测时，先利用正常系统调用序列训练PST模型，然后通过该模型，利用计算未知系统调用序列的异常度，根据给定的阈值判断该序列是否异常。实验表明这一度量对于正常进程与异常进程有着良好的区分效果。

关键词: 入侵检测, 系统调用序列, 概率后缀树

CLC Number:

TP393.08

ZHENG Qi^1，2，JIANG Sheng-yi²，TANG Yong¹. Applying probabilistic suffix tree to intrusion detection[J]. Computer Engineering and Applications, 2010, 46(23): 79-81.

郑琪^1，2，蒋盛益²，汤庸¹. 概率后缀树在入侵检测中的应用研究[J]. 计算机工程与应用, 2010, 46(23): 79-81.

[1]	WANG Zhendong, ZHANG Lin, LI Dahai. Survey of Intrusion Detection Systems for Internet of Things Based on Machine Learning [J]. Computer Engineering and Applications, 2021, 57(4): 18-27.
[2]	CAO Lei, LI Zhanbin, YANG Yongsheng, ZHAO Longfei. Intrusion Detection Method Based on Two-Layer Attention Networks [J]. Computer Engineering and Applications, 2021, 57(19): 142-149.
[3]	SHEN Shaoyu, CAI Manchun, LU Tianliang, ZHAO Qi. Intrusion Detection Algorithm based on LFKPCA-DWELM [J]. Computer Engineering and Applications, 2021, 57(17): 130-137.
[4]	GONG Junhui, HU Xiaohui, DU Yongwen. Research on Selection of Optimal Defense Strategy Based on Evolutionary Game [J]. Computer Engineering and Applications, 2021, 57(13): 116-123.
[5]	LI Jiayue, ZHAO Bo, LI Xiang, LIU Hui, LIU Yifan, ZOU Jianwen. Network Traffic Anomaly Prediction Method Based on Deep Learning [J]. Computer Engineering and Applications, 2020, 56(6): 39-50.
[6]	CHEN Hong, WANG Runting, XIAO Chenglong, GUO Pengfei, HUANG Jie, CHEN Honglin. Research on Intrusion Detection Model Based on DBN-XGBDT [J]. Computer Engineering and Applications, 2020, 56(22): 83-91.
[7]	DI Chong, LI Tong. Network Unknown Attack Detection with Deep Learning [J]. Computer Engineering and Applications, 2020, 56(22): 109-116.
[8]	WANG Pan, SONG Xuehua, WANG Changda, CHEN Feng, XU Xiaqiang, CAI Guanyu. Intrusion Detection Method Based on Improved Deep Belief Network [J]. Computer Engineering and Applications, 2020, 56(20): 87-92.
[9]	CHEN Hong, ZHAO Jianzhi, XIAO Chenglong, CHEN Jianhu, XIAO Yue. Research on Improved Intrusion Detection Model of ADASYN-SDA [J]. Computer Engineering and Applications, 2020, 56(2): 97-105.
[10]	YANG Yanrong, SONG Rongjie, ZHOU Zhaoyong. Network Intrusion Detection Method Based on GAN-PSO-ELM [J]. Computer Engineering and Applications, 2020, 56(12): 66-72.
[11]	WU Depeng, LIU Yi. Intrusion Detection Model Based on Self-Organizing Map of Variable Network Structure [J]. Computer Engineering and Applications, 2020, 56(12): 81-86.
[12]	LIU Yuefeng1, WANG Cheng1, ZHANG Yabin1, YUAN Jianghao2. Multiscale Convolutional CNN Model for Network Intrusion Detection [J]. Computer Engineering and Applications, 2019, 55(3): 90-95.
[13]	JIANG Xinlan, JIA Wenbo. Machine Vision Detection Method for Foreign Object Intrusion in High-Speed Rail Contact Net [J]. Computer Engineering and Applications, 2019, 55(22): 250-257.
[14]	MA Zhanfei1, YANG Jin2, JIN Yi2, BIAN Qi3. Network Intrusion Detection Method Based on IQPSO-IDE Algorithm [J]. Computer Engineering and Applications, 2019, 55(10): 115-120.
[15]	LIU Haiyan, ZHANG Yu, BI Jianquan, XING Meng. Review of technology based on distributed and collaborative network intrusion detection [J]. Computer Engineering and Applications, 2018, 54(8): 1-6.

Applying probabilistic suffix tree to intrusion detection

概率后缀树在入侵检测中的应用研究

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics