Intrusion detection method based on rough entropy attribute reduction

A technology of attribute reduction and intrusion detection, applied in the fields of platform integrity maintenance, electrical components, transmission systems, etc. It addresses the problem that existing algorithms do not consider an attribute importance model and therefore cannot meet the real-time performance and prediction accuracy requirements of an intrusion detection system.

Inactive Publication Date: 2014-11-19
NANJING UNIV

AI Technical Summary

Problems solved by technology

However, these algorithms do not consider the attribute importance model constructed by using rough entropy, so they cannot meet the real-time and prediction accuracy requirements of the intrusion detection system through attribute reduction.


Embodiment Construction

[0050] The present invention will be described in detail below in conjunction with the accompanying drawings.

[0051] As shown in Figure 1, the intrusion detection system based on process calls uses a process call sequence acquisition device to obtain the process call sequence. The sequence is preprocessed (for example, formatted), feature rules are generated from it, and these rules are then used for intrusion identification. The results of intrusion identification can be passed to subsequent processing such as alarm correlation and intrusion tracking. The present invention performs identification only and does not perform this subsequent processing.

[0052] Based on the rough entropy theory of rough sets, the present invention divides intrusion detection into two stages, training and detection, as shown in Figure 2. The key of the invention is to use the attribute reduction method based on rough entropy to generate t...


Abstract

The invention discloses an intrusion detection method based on rough entropy attribute reduction. The method comprises the following steps: (1) training: collecting the system call sequences of processes of known type as a training set; counting the occurrence rate of system calls in a certain type of process in the training set; normalizing the sequences to generate a short sequence set; calculating the attribute importance of the short sequences on the basis of an attribute importance model and sorting them; training the classification rule for a certain type of process on the basis of a rough entropy attribute reduction algorithm; repeating b, c and d to obtain the classification rules for all types of processes in the training set, yielding a process classification rule set; and ending; and (2) detecting: collecting the system call sequence of a process to be detected; preprocessing the call sequence to generate a short sequence set; identifying the process type according to the process classification rules; judging whether the process is abnormal; and ending. The method increases detection accuracy while keeping computation simple, and markedly lowers the false alarm rate.
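The training and detection stages from the abstract, as an added Python sketch that is not the patent's code: Shannon conditional entropy of the process type over the equivalence classes induced by window positions stands in for the patent's rough-entropy attribute importance model, which this page does not reproduce, and the occurrence-rate step is omitted. The traces, the window length of 3, the 0.3 threshold and all function names are assumptions.

```python
from collections import Counter, defaultdict
from math import log2

# Constructed traces (not from the patent): process type -> system call sequences.
TRAIN = {
    "ftpd": [["open", "read", "write", "close"],
             ["open", "read", "write", "write", "close"]],
    "sendmail": [["open", "read", "socket", "close"],
                 ["open", "read", "socket", "socket", "close"]],
}

def windows(seq, k):
    """Sliding-window short sequences of length k."""
    return [tuple(seq[i:i + k]) for i in range(len(seq) - k + 1)]

def project(rows, attrs):
    """Equivalence classes on the chosen window positions, with label counts."""
    blocks = defaultdict(Counter)
    for w, label in rows:
        blocks[tuple(w[a] for a in attrs)][label] += 1
    return blocks

def cond_entropy(rows, attrs):
    """H(process type | attrs); lower means the positions are more informative."""
    blocks = project(rows, attrs).values()
    return -sum(c * log2(c / sum(b.values())) for b in blocks for c in b.values()) / len(rows)

def reduct(rows, k):
    """Greedily add the most important position until no information is lost."""
    chosen, target = [], cond_entropy(rows, range(k))
    while cond_entropy(rows, chosen) > target + 1e-12:
        rest = [a for a in range(k) if a not in chosen]
        chosen.append(min(rest, key=lambda a: cond_entropy(rows, chosen + [a])))
    return sorted(chosen)

def train(traces, k=3):
    """Training stage: short sequences -> reduct -> classification rules."""
    rows = [(w, t) for t, seqs in traces.items() for s in seqs for w in windows(s, k)]
    attrs = reduct(rows, k)
    rules = {key: c.most_common(1)[0][0] for key, c in project(rows, attrs).items()}
    return attrs, rules

def detect(seq, attrs, rules, k=3, max_unknown=0.3):
    """Detection stage: (predicted type, abnormal?) for one process trace."""
    keys = [tuple(w[a] for a in attrs) for w in windows(seq, k)]
    hits = Counter(rules[key] for key in keys if key in rules)
    if not hits:
        return None, True
    return hits.most_common(1)[0][0], 1 - sum(hits.values()) / len(keys) > max_unknown
```

On the constructed traces the reduct drops window position 0, so a window such as (write, write, write) that never appeared in training still matches a reduced rule.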

Description

Technical field

[0001] The invention relates to an intrusion detection method based on host system call sequence analysis, in particular to an intrusion detection method based on attribute reduction of a rough entropy sequence information system.

Background art

[0002] Intrusion detection technology is a new type of network security technology that has emerged in the past 20 years. As an important security guarantee behind the firewall, the intrusion detection system can detect various forms of intrusion, and is an important part of the modern computer network security system. With the rapid development of network technology and increasingly prominent network security issues, traditional intrusion detection systems have had difficulty meeting the detection tasks posed by increasingly complex network attacks. One of the difficulties is that intrusion detection systems often struggle to quickly analyze and process the large amount of data collected. The e...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/55, H04L29/06
Inventor: 刘峰, 李威, 赵志宏, 骆斌
Owner: NANJING UNIV