
Intrusion detection method based on improved OBS-NMF algorithm

An intrusion detection algorithm technology, applied in computing, computer security devices, instruments, etc., that addresses the problems of degraded detection results, difficult threshold selection, and low algorithm stability.

Inactive Publication Date: 2010-10-20
探知图灵科技(西安)有限公司

AI Technical Summary

Problems solved by technology

However, the algorithm stability of this anomaly detection model is not high, and the convergence cannot be guaranteed. At the same time, the selection of the threshold is relatively difficult, which affects the detection effect.


Examples


Embodiment Construction

[0046] Referring to Figure 1, the concrete implementation steps of the present invention are as follows:

[0047] Step 1, data collection.

[0048] While the client computer is running normally, a single program generates multiple processes during execution. Each process jumps to the kernel location called system_call through the interrupt instruction 0x80, enters the system call handler, calls the relevant kernel function, and returns to user space after execution completes. The system call sequence generated by each process is obtained by patching the kernel or by intercepting the application program in the system, for example with the Strace method.

[0049] Step 2, construct process vector.

[0050] The collected raw data must first be grouped: the system call data is grouped by process, so that the system calls issued under the same process form one group; secondly, a process...


Abstract

The invention discloses an intrusion detection method based on an improved OBS-NMF algorithm, mainly aimed at solving problems of existing techniques such as low capability for processing high-dimensional data, weak robustness, a small selection range for the threshold value and unsatisfactory detection results. Its implementation steps are as follows: (1) collecting the system calls of processes; (2) constructing and simplifying the training matrix; (3) carrying out dimension-reducing decomposition of the training matrix; (4) judging whether the convergence conditions are satisfied; if so, performing step (5); if not, returning to step (3) to continue iterating until the maximum number of iterations is reached; (5) constructing a test matrix U; (6) using the basis matrix W to solve the characteristic coefficient vector hu of U; (7) solving the abnormality of the process vectors in U; and (8) setting the threshold value lambda and outputting the detection results. The invention has the advantages of simple implementation, good stability, high detection precision, a large selection range for the threshold value and strong real-time performance, and can be applied to real-time intrusion detection based on host system calls.
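An added example (not code from the patent) sketching steps (1)-(8) above on constructed traces. It substitutes plain multiplicative-update NMF for the improved OBS-NMF, whose update rules are not given on this page; the frequency encoding of process vectors, the relative-residual abnormality score and the threshold 0.5 are assumptions.

```python
import random

VOCAB = ["open", "read", "write", "close", "socket", "connect",
         "send", "recv", "execve", "chmod"]
# Constructed traces (pid -> system calls), not real captures.
NORMAL = {101: "open read read read write close",
          102: "open read read write write close",
          201: "socket connect send recv send recv",
          202: "socket connect send recv send recv recv"}
TEST = {301: "open read read write close",
        302: "open chmod execve execve chmod execve"}

def process_vector(trace):  # assumed encoding: relative call frequencies
    return [trace.split().count(c) / len(trace.split()) for c in VOCAB]

def mm(A, B):  # matrix product
    return [[sum(a * b for a, b in zip(r, c)) for c in zip(*B)] for r in A]
def tr(M):  # transpose
    return [list(c) for c in zip(*M)]
def scale(M, num, den):  # multiplicative update M * num / den
    return [[m * n / (d + 1e-9) for m, n, d in zip(*rows)]
            for rows in zip(M, num, den)]
def err(V, W, H):  # Frobenius norm of V - WH
    return sum((v - x) ** 2 for vr, xr in zip(V, mm(W, H))
               for v, x in zip(vr, xr)) ** 0.5

def train(V, r=2, max_iter=1000, tol=1e-9, seed=0):  # steps (3)-(4)
    rng = random.Random(seed)
    W = [[rng.random() + 0.1 for _ in range(r)] for _ in V]
    H = [[rng.random() + 0.1 for _ in V[0]] for _ in range(r)]
    cur = err(V, W, H)
    for _ in range(max_iter):
        H = scale(H, mm(tr(W), V), mm(mm(tr(W), W), H))
        W = scale(W, mm(V, tr(H)), mm(W, mm(H, tr(H))))
        prev, cur = cur, err(V, W, H)
        if prev - cur < tol:  # convergence condition met
            break
    return W

def abnormality(W, u, iters=200):  # steps (6)-(7), W held fixed
    U, h = [[x] for x in u], [[1.0] for _ in W[0]]
    for _ in range(iters):
        h = scale(h, mm(tr(W), U), mm(mm(tr(W), W), h))
    return err(U, W, h) / sum(x * x for x in u) ** 0.5

def detect(lam=0.5):  # steps (5) and (8)
    W = train(tr([process_vector(t) for t in NORMAL.values()]))
    scores = {p: abnormality(W, process_vector(t)) for p, t in TEST.items()}
    return scores, [p for p, s in scores.items() if s > lam]
```

Calls never seen in training get all-zero rows in W, so a process dominated by them cannot be reconstructed and its score approaches 1, while a process resembling the training behaviour scores well below the threshold.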

Description

Technical field

[0001] The invention belongs to the technical field of computer security, in particular to a computer security intrusion detection method, which can be used for anomaly detection of computer process behavior.

Background technique

[0002] Computer security has been studied since the early 1970s, but the research results were once ignored. It was not until April 1980 that a technical report made by James P. Anderson for the US Air Force was recognized as the pioneering work of intrusion detection. This technical report, entitled "Computer Security Threat Monitoring and Surveillance", elaborated the concept of intrusion detection in computer systems for the first time, and also proposed the idea of using audit trail data to monitor intrusion activities. As people's dependence on computer networks continues to increase, traditional network security technologies cannot provide effective protection. As a supplement to traditional technologie...


Application Information

IPC(8): G06F21/00, G06F21/55
Inventor: 马文萍, 焦李成, 赵富家, 公茂果, 刘芳, 王爽, 尚荣华, 马晶晶
Owner 探知图灵科技(西安)有限公司