对正常行为的描述是异常检测系统必须要解决好的核心问题之一。
Describing normal behaviors is one of the difficulties that an anomaly detection system faces.
如果一个实际的入侵行为稍有偏差就有可能与正常的模式相匹配,而异常检测系统则无法检测到这种入侵行为。
In addition, an actual intrusion with a small deviation may match normal patterns. So the intrusion behavior cannot be detected by the detection system.
针对网络入侵的不确定性导致异常检测系统误报率较高的不足,提出一种基于Q-学习算法的异常检测模型(QLADM)。 该模型把Q-学习、行为意图跟踪和入侵预测结合起来,可获得未知入侵行为的检测和响应。
To address the high false-alarm rate of anomaly detection systems caused by the uncertainty of network intrusions, this paper presents an anomaly detection model based on the Q-learning algorithm (QLADM).
当时,只有很少的一些研究中心使用用以检测免疫系统是否出现异常的CD4血细胞计数。
At the time, use of the CD4 blood count to detect serious abnormalities of the immune system was limited to a few research centers.
服务实现中的工具代码用于检测和记录系统级和应用级异常。
Instrumentation code within the service implementation detects and logs system- and application-level exceptions.
在系统中,既综合了基于异常行为的入侵检测和基于特征的入侵检测技术,在配置上又采用了主机配置和网络配置相互配合的方式。
The system combines anomaly-based and signature-based intrusion detection techniques, and its deployment has the host and network configurations cooperating with each other.
这个技术检测了免疫系统发现蛋白质之间微小差别及异常抗原抗体反应的能力。
This technique detects the immune system's ability to spot minor differences in proteins and novel antigen-antibody interactions.
但是,现今许多签字检测和非签字检测都是针对操作系统级而不是系统管理级,而且还不能保证对所有异常行为作出正确响应。
But many signature detection and non-signature detection approaches work at the operating system level, not at the DBMS level, and cannot guarantee a prompt response to all abnormal behaviors.
交通异常情况检测一直是交通管理中的重要任务,其在智能交通系统中显得尤为重要。
Traffic anomaly detection is an important task in traffic management systems, and it becomes more important in ITS.
该系统实现了误用检测、异常检测、攻击源追踪三个方面的功能。
This system has three functions: misuse detection, anomaly detection, and attack source traceback.
提出了一个基于系统调用宏的异常检测模型。
A new anomaly detection model based on system call macro was presented.
本文提出了一种自动模型及其系统结构的有效实现,并用算法自动建立了在噪声数据上的异常检测模型。
An automatic model and its system architecture are presented, and an algorithm that automatically builds anomaly detection models on noisy data is implemented.
本文在深入分析高光谱数据特点的基础上,系统地研究了基于光谱维的图像异常检测方法。
Based on the analysis of characteristics of hyperspectral imagery, the methods of anomaly detection are studied systematically in this paper.
为降低虚警率,提出嵌入数据异常检测和恢复功能的BIT系统改进模型,并证明了该模型的有效性。
For decreasing FAR, an improved model for BIT systems with embedded abnormal data detecting and renewing functions was proposed, and the effectiveness of the proposed model was proved.
该文提出一种基于TCP包头异常检测的系统扫描检测方法THAD。
This paper presents a new method based on TCP packet anomaly detection (THAD) to detect system scans.
首先建立了系统运行的HMM,在此模型基础上提出了依赖于节点的异常检测算法。
We focus on building an HMM of the system's behavior, and propose a node-dependent anomaly detection algorithm.
该系统模型既综合了基于异常行为的入侵检测和基于特征的入侵检测技术,在配置上又采用主机配置和网络配置相互配合的方式。
This model uses not only misuse but also anomaly detection technology, and at deployment the host based subsystem cooperates with the network-based subsystem.
其中规则库中包含正常行为规则和异常行为规则,使得原型系统在理论上既可实现误用检测也可实现异常检测,并采用关联规则挖掘模块对网络连接数据进行处理。
The rule sets of the system include normal behavior rules and abnormal behavior rules, which in theory lets the system carry out both anomaly detection and misuse detection.
流量异常检测模块的目的是完成具体的检测任务,它也是检测系统的核心部分。
The aim of the traffic anomaly detection module is to carry out the detection tasks; it is the core of the detection system.
设计的网路流量突发异常检测原型系统能够报告持续性突发的出现时间范围、平均聚集值,突变性突发的发生时间、峰值。
The network traffic burst detection prototype system can report the time range and mean aggregate value of sustained bursts, and the time of occurrence and peak value of abrupt bursts.
挖掘系统审计记录构造用户的行为轮廓,是异常检测的常见方法。
Mining audit trails to derive normal user profiles is a common method adopted in anomaly detection.
实际应用表明,添加了异常数据检测系统的垂直搜索引擎,能够为用户提供更高质量的个性化服务。
The application shows that a system with abnormal data detection can provide high-quality personalized service.
针对异常发现技术和模式匹配技术各有利弊的特点,设计了将这两种技术综合运用的网络入侵检测系统。
Based on the characteristics of the anomaly-based and signature-based modes, a network intrusion detection system is proposed that uses the strengths of both modes to detect network intrusions.
本文的异常检测的计算机免疫系统,全面,深入地讨论了这个问题。
This paper discusses the problem of anomaly detection in computer immune systems comprehensively and in depth.
SEP有特定的解剖学基础,能有效地显示感觉系统的异常改变,是一种灵敏可靠的功能学检测手段。
With its specific anatomical basis, SEP can reflect dysfunction of the sensory system and is a sensitive, reliable tool for assessing function.
重点论述了两种典型的入侵检测方法—异常行为检测方法和比较学习检测方法的基本原理,并在此基础上实现了一个实际的入侵检测专家系统。
The basic principles of two typical intrusion detection methods, the anomaly detection method and the comparative learning detection method, are then discussed in detail.
传统的计算机设计系统的安全监视功能存在日志数据冗余和异常线索检测时延过长等固有问题。
The redundant data in log files and the delay for detecting abnormal trails are the inherent problems existing in the traditional secure monitoring subsystem of a computer system.
入侵检测通过分析审计事件,发现系统中异常活动,是电子警务安全保护的一条重要途径。
Intrusion detection is an important approach to protecting electronic policing by analyzing audit events and detecting abnormal activity in the system.