Average Hamming Distance Based Anomaly Intrusion Detection (original title: 一种基于均值Hamming距离的异常入侵检测方法)
【Abstract】 Intrusion detection techniques at the level of system processes are studied, and a new method named AHDAD (Average Hamming Distance-based Anomaly intrusion Detection) is presented. It monitors the system call sequences of privileged processes and calculates a deviation value to discriminate between normal and abnormal behavior. The method is algorithmically simple, has high detection accuracy and low time overhead, and makes real-time intrusion detection possible. Finally, a prototype experiment confirms the feasibility of the method.
【Key words】 intrusion detection; average Hamming distance; privileged process; system call
【Funding】 National Defense "Tenth Five-Year Plan" Pre-research Fund (413150702)
- 【Source】 Acta Simulata Systematica Sinica (系统仿真学报), 2004, Issue 12
- 【Classification code】 TP309
- 【Citation count】 6
- 【Download count】 170