The Journal of China Universities of Posts and Telecommunications (English Edition)
• Wireless •
田新广; 高立志; 孙春来; 段洣毅; 张尔扬
TIAN Xin-guang; GAO Li-zhi; SUN Chun-lai
Abstract: This paper presents a new anomaly detection method based on machine learning. Applicable to host-based intrusion detection systems, this method uses shell commands as audit data. The method employs shell command sequences of different lengths to characterize behavioral patterns of a network user, and constructs multiple sequence libraries to represent the user’s normal behavior profile. In the detection stage, the behavioral patterns in the audit data are mined by a sequence-matching algorithm, and the similarities between the mined patterns and the historical profile are evaluated. These similarities are then smoothed with sliding windows, and the smoothed similarities are used to determine whether the monitored user’s behaviors are normal or anomalous. The results of our experiments show that the method can achieve higher detection accuracy and shorter detection time than the instance-based method presented by Lane T. The method has been successfully applied in practical host-based intrusion detection systems.
Key words: intrusion detection; machine learning; anomaly detection; shell command
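A minimal sketch of the pipeline the abstract describes (multi-length sequence libraries, sequence matching, sliding-window smoothing, threshold decision), added here as an illustration and not the authors' implementation. The similarity measure (matched length divided by the longest library length), the lengths 1 to 3, the window of 3, the 0.5 threshold, all function names and the sample command streams are assumptions, since the abstract does not specify them.

```python
# Added illustration; parameters and similarity measure are assumptions, not the paper's.

def build_libraries(history, lengths=(1, 2, 3)):
    """One library per sequence length: every command n-gram seen in normal history."""
    return {n: {tuple(history[i:i + n]) for i in range(len(history) - n + 1)}
            for n in lengths}

def mine_patterns(stream, libs):
    """Greedy matching: at each position take the longest sequence found in a
    library. Similarity = matched length / longest library length, 0.0 if the
    command is unknown to every library."""
    longest, out, i = max(libs), [], 0
    while i < len(stream):
        for n in sorted(libs, reverse=True):
            seq = tuple(stream[i:i + n])
            if len(seq) == n and seq in libs[n]:
                out.append((seq, n / longest))
                i += n
                break
        else:  # no library matched even the single command
            out.append(((stream[i],), 0.0))
            i += 1
    return out

def smooth(values, window=3):
    """Mean over a sliding window; returns [] if fewer than `window` values."""
    return [sum(values[i - window + 1:i + 1]) / window
            for i in range(window - 1, len(values))]

def classify(stream, libs, window=3, threshold=0.5):
    """Label each smoothed similarity as normal or anomalous."""
    sims = [s for _, s in mine_patterns(stream, libs)]
    return [("normal" if v >= threshold else "anomalous", round(v, 3))
            for v in smooth(sims, window)]

# Constructed sample data (not from the paper).
HISTORY = "cd ls vi make ls cat grep cd ls vi make gdb".split()
LIBS = build_libraries(HISTORY)
NORMAL = "cd ls vi make ls cat grep cd ls".split()
BLIP = "cd ls vi make ls cat top grep cd ls".split()   # one unseen command
UNUSUAL = "cd ls ftp tar ps su find ls cat".split()    # run of unseen commands

if __name__ == "__main__":
    for name, s in (("normal", NORMAL), ("blip", BLIP), ("unusual", UNUSUAL)):
        print(name, classify(s, LIBS))
```

The single unseen command in `BLIP` is absorbed by the smoothing window and stays above the threshold, while the sustained run of unseen commands in `UNUSUAL` drives every window below it.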
CLC number: TP393.01
TIAN Xin-guang; GAO Li-zhi; SUN Chun-lai. A method for anomaly detection of user behaviors based on machine learning[J]. Acta Metallurgica Sinica (English letters), doi: 1005-8885(2006)02-0061-05.
Link to this article: https://jcupt.bupt.edu.cn/CN/1005-8885(2006)02-0061-05
https://jcupt.bupt.edu.cn/CN/Y2006/V13/I2/61