互联网 qkzz.net
全刊杂志网:首页 > 女性 > 文章正文
刊社推荐

基于粗糙集值约简改进算法的进程异常检测王 辉 刘 峰 赵志宏 骆 斌


摘 要:提出一种新的基于粗糙集值约简和系统调用的进程异常检测方法。为了提高约简效率,改进了基于差别矩阵的粗糙集值约简算法。另外创建了一种新的检测模型,能在判断进程是否异常的基础上进一步识别异常种类。它以系统调用短序列中k个位置作为条件属性集,以进程类型作为决策属性,建立决策表;然后使用改进的值约简算法提取规则集,并对规则匹配的结果作统计;最后判断进程类别。实验表明该方法能高效准确地识别异常进程的种类。
  关键词:系统调用;粗糙集;约简;异常检测
  中图分类号:TP393.08 文献标志码:A
  文章编号:1001-3695(2010)03-1064-04
  doi:10.3969/j.issn.1001-3695.2010.03.072
  
  Abnormal detection of processes based onimproved rough set value reduction algorithm
  
  WANG Hui,LIU Feng,ZHAO Zhi-hong,LUO Bin
  (Software Institute, Nanjing University, Nanjing 210093, China)
  Abstract:This paper proposed a new method for abnormal detection of processes based on RS value reduction and system calls.Improved the algorithm of rough set value reduction based on discernibility matrix to increase the reduction efficiency.And built a new detection model.It could not only tell whether the process was normal or abnormal, but also identified the type of the abnormality.First,made a decision table by using the k positions in the short sequences of system calls as the conditional attributes and the type of the process as the decision attribute.Then applied the new RS value reduction algorithm to extract a rule set.At last,identified the type of the process by the statistical figures of comparison between the process’ sequences of system calls and the rule set.The experiment shows that this method can identify the processes’ types efficiently and correctly. ......
很抱歉,暂无全文,若需要阅读全文或喜欢本刊物请联系《计算机应用研究》杂志社购买。
欢迎作者提供全文,请点击编辑
分享:
 

了解更多资讯,请关注“木兰百花园”
分享:
 
精彩图文


关键字
支持中国杂志产业发展,请购买、订阅纸质杂志,欢迎杂志社提供过刊、样刊及电子版。
关于我们 | 网站声明 | 刊社管理 | 网站地图 | 联系方式 | 中图分类法 | RSS 2.0订阅 | IP查询
全刊杂志赏析网 2017