Abnormal detection of processes based on improved rough set value reduction algorithm
WANG Hui, LIU Feng, ZHAO Zhi-hong, LUO Bin
(Software Institute, Nanjing University, Nanjing 210093, China)
Abstract: This paper proposes a new method for abnormal detection of processes based on rough set (RS) value reduction and system calls. It improves the discernibility-matrix-based RS value reduction algorithm to increase reduction efficiency, and builds a new detection model on top of it. The model can not only tell whether a process is normal or abnormal, but also identify the type of the abnormality. First, a decision table is built, using the k positions in the short sequences of system calls as the conditional attributes and the type of the process as the decision attribute. Then the new RS value reduction algorithm is applied to extract a rule set. Finally, the type of a process is identified from the statistics obtained by comparing the process's system call sequences against the rule set. The experiment shows that this method can identify the processes' types efficiently and correctly. ......
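
The three steps in the abstract (decision table, rule extraction, match statistics) are sketched below as an added example; it is not the paper's code. A plain greedy value reduction stands in for the paper's improved discernibility-matrix algorithm, which the abstract does not specify, and k = 3, the traces and the type labels are all constructed.

```python
from collections import Counter

K = 3  # short-sequence length (assumed; the abstract leaves k open)

# Constructed training traces: (process type, system call sequence).
TRAIN = [
    ("normal",     ["open", "read", "mmap", "read", "close"]),
    ("normal",     ["open", "read", "write", "close"]),
    ("abnormal_A", ["open", "read", "execve", "setuid", "socket"]),
    ("abnormal_B", ["open", "read", "fork", "fork", "fork"]),
]

def windows(trace, k=K):
    """Short sequences: every run of k consecutive system calls."""
    return [tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)]

def decision_table(labelled_traces, k=K):
    """Map k condition attributes -> decision; inconsistent rows are dropped."""
    seen = {}
    for label, trace in labelled_traces:
        for w in windows(trace, k):
            seen.setdefault(w, set()).add(label)
    return {w: next(iter(ls)) for w, ls in seen.items() if len(ls) == 1}

def matches(rule, window):
    """None in a rule is a reduced (don't-care) attribute value."""
    return all(r is None or r == v for r, v in zip(rule, window))

def reduce_values(table):
    """Greedy value reduction (stand-in, not the paper's algorithm): blank a
    position while the rule still matches no row with another decision."""
    rules = set()
    for row, dec in table.items():
        rule = list(row)
        for i in range(len(rule)):
            trial = rule[:i] + [None] + rule[i + 1:]
            if all(d == dec or not matches(trial, r) for r, d in table.items()):
                rule = trial
        rules.add((tuple(rule), dec))
    return rules

def classify(trace, rules, k=K):
    """Per process type, count the windows matched by a rule of that type."""
    votes = Counter()
    for w in windows(trace, k):
        for dec in {d for r, d in rules if matches(r, w)}:
            votes[dec] += 1
    label = votes.most_common(1)[0][0] if votes else "unknown"
    return label, votes

RULES = reduce_values(decision_table(TRAIN))
```

On a table this small the reduced rules collapse to a single system call each; a realistic training set keeps more positions because more rows conflict.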