This system implements three functions: misuse detection, anomaly detection, and attack source traceback.
The rule sets of the system include normal behavior rules and abnormal behavior rules, so the prototype system can in theory perform both anomaly detection and misuse detection, and it uses an association rule mining module to process network connection data.
A new anomaly detection model based on system call macros was presented.
This paper presents THAD, a new method for detecting system scans based on TCP packet header anomaly detection.
We first build an HMM of the system's operation and, on the basis of this model, propose a node-dependent anomaly detection algorithm.
Moreover, it presents an intrusion detection model for wireless networks and strategies for detecting anomalous network behavior.
This paper focuses on the Anomaly-based Network Intrusion Detection System (ANIDS), an intrusion detection system built on anomaly detection techniques that uses two methods to design and implement anomaly detection.
The network anomaly detection system consists mainly of three modules: a data collection module, an anomaly judgment module, and an alert analysis module.
Using data mining methods to analyze audit data and derive normal patterns for anomaly detection can improve the performance of an intrusion detection system, in particular its detection accuracy and completeness.
Describing normal behavior is one of the core difficulties that an anomaly detection system must resolve.
A new two-layer Markov chain anomaly detection model that operates on system call traces was presented.
Intrusion detection systems fall into two categories according to detection technique: anomaly-based detection systems and misuse-based detection systems.
To detect anomalies in the vibration time series of a rotor system, a real-valued negative selection algorithm that uses Euclidean distance for matching has been implemented.
This module is built around system call anomaly detection modeling methods and also monitors file system and Registry accesses.
Because anomaly-based and signature-based detection each have advantages and drawbacks, a network intrusion detection system is proposed that combines the strengths of both modes to detect network intrusions.
To address the high false alarm rate of anomaly detection systems caused by the uncertainty of intrusions, this paper presents an Anomaly Detection Model Based on the Q-Learning Algorithm (QLADM). The model combines Q-learning, behavior intent tracking, and intrusion prediction to detect and respond to unknown intrusion behavior.
Finally, our system model is analyzed and evaluated in a "SYN flood" denial-of-service attack environment, and a method of applying clustering to anomaly detection is added to improve its performance.
Intrusion detection analysis methods fall into two kinds: anomaly detection and misuse detection. Nowadays, most popular network intrusion detection systems, at home and abroad, use the misuse detection method.
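To protect system resources, anomalous process behaviors at runtime were analyzed and summarized, and a program anomaly detection approach based on behavior analysis was put forward.
Using these methods to call system resources can effectively improve program development efficiency, implement more complex program functionality, and give programs a more professional quality; concrete examples are also given.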