Computer Engineering and Applications ›› 2012, Vol. 48 ›› Issue (6): 86-89.

• 网络、通信、安全 • Previous Articles     Next Articles

Research on intrusion detection based on LZW algorithm and Bayesian MARS

LI Zhihui, WANG Qing, SHAO Chunyan, ZHANG Shu   

  1. Computer Science and Technology College, Harbin Engineering University, Harbin 150001, China
  • Received:1900-01-01 Revised:1900-01-01 Online:2012-02-21 Published:2012-02-21

基于LZW算法和贝叶斯MARS的入侵检测研究

李智慧,王 晴,邵春艳,张 束   

  1. 哈尔滨工程大学 计算机科学与技术学院,哈尔滨 150001

Abstract: An approach of intrusion detection based on LZW algorithm is proposed. System call sequences are used as feature data. And the system call sequences are divided in the way of variable length and compressed by LZW algorithm before detecting. In application of LZW algorithm, it is adjusted to be adapted to division of variable length sequences. Bayesian Multivariate Adaptive Regression Spline(MARS) is used as classifier to identify the intrusion data. The experimental results show that LZW algorithm conforms to the inherent law of system call sequence. A good performance is achieved with a high compression ratio. The intrusion detection algorithm combining with LZW and Bayesian MARS algorithm performs steadily with various data, which is practicable and feasible.

Key words: intrusion detection, system call, LZW algorithm, variable-length sequence division, Bayesian Multivariate Adaptive Regression Spline(Bayesian MARS)

摘要: 提出了一种基于LZW算法的入侵检测算法。使用系统调用序列作为特征数据,采用LZW算法对系统调用序列数据进行变长短序列划分,同时对短序列进行压缩,并在应用的过程中对LZW算法进行适当调整以适应序列的划分。通过贝叶斯多元自适应回归样条(贝叶斯MARS)模型,对正常和异常序列进行分类并标识入侵。实验结果表明,基于LZW变长序列划分方法符合系统调用序列的内在规律,在较高压缩比的情况下,获得了很好的检测性能。LZW算法与贝叶斯MARS相结合的入侵检测算法,对各种数据表现稳定,具有一定可行性和实用性。

关键词: 入侵检测, 系统调用, LZW算法, 变长序列划分, 贝叶斯多元自适应回归样条(贝叶斯MARS)