Host computer intrude detecting method decomposed based on inherent subsequence mode

An intrusion detection and pattern decomposition technology, applied in computer security devices, instruments, electrical digital data processing, etc., can solve the problem of intrusion detection that cannot be universally applied, the NativeAPI calling process is complex, and the calculation, training and establishment of first-order and second-order model parameters Problems such as complex model process
CN101252578AActive Publication Date: 2008-08-27四川电子科技大学教育发展基金会
2 Cites 7 Cited by

Patent Information

Authority / Receiving Office
CN · China
Current Assignee / Owner
四川电子科技大学教育发展基金会
Publication Date
2008-08-27

Smart Images

  • Figure 1
    Figure 1
  • Figure 2
    Figure 2
Patent Text Reader

Abstract

The invention discloses a host computer invasion detection method based on the natural subsequence mode decomposition. The method includes the following steps: firstly, defining rules; obtaining Windows Native API data sequence, decomposing process sequences into natural subsequence mode sets and then layering the natural subsequence modes according to the support degree; thirdly, decomposing suspected sequences into a plurality of layers respectively containing natural sequence modes with similar support degrees; fourthly, matching the normal process sequences with the suspected sequences according to the corresponding layers, calculating the abnormal degree according to the matched number and judging if the suspected sequences are abnormal. The method overcomes the disadvantages existed in the prior art and can accurately and effectively identify the current attacks and the new increasing attacks.
Need to check novelty before this filing date? Find Prior Art

Description

technical field

[0001] The invention relates to the technical field of computer security, in particular to a host intrusion detection method. Background technique

[0002] The development of computer networking technology has changed the computing model dominated by stand-alone computers. However, the risks and opportunities of network intrusion have correspondingly increased dramatically. Designing security measures to prevent unauthorized access to system resources and data is a very important and urgent problem in the field of network security. Intrusion detection is a kind of network security technology produced and developed under this background. Specifically, intrusion detection is to monitor the operating status of the network system, detect and discover various attack attempts, attack behaviors or attack results, so as to ensure the confidentiality, integrity and availability of system resources. Intrusion detection technology is mainly divided into two categorie...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More