Frequent subgraph mining based abnormal intrusion detection method

Abstract

The invention discloses a frequent subgraph mining based abnormal intrusion detection method, which belongs to an intrusion detection method for network security. In the invention, a frequent subgraph mining theory is introduced; and by using the peculiar generative capacity of a system call sequence transformed into digraph structure, a considerable quantity of effective generative characteristic patterns can be obtained by a small scale of training data, which greatly reduces the dependence of an offline learning process on training data quantity, thereby dealing with various conditions in real-time detection more easily; and meanwhile, an expanded characteristic pattern set has an ability to identify unknown program behaviors, which can effectively reduces the false alarm rate of detecting results.

Description

technical field

[0001] The invention relates to an intrusion detection method in network security, in particular to a method for detecting abnormal intrusion in the network by combining frequent subgraph mining theory with system call sequence. Background technique

[0002] With the rapid development of computer networks and the widening of application fields, the security of computers has attracted more and more attention. As an effective means to protect computer security, intrusion detection technology has gradually developed into a core research direction in the field of computer network security.

[0003] The system call sequence generated when the system process is executed contains some specific behavior patterns of the process, extracting and analyzing the patterns exhibited by these system calls, and matching the pattern with the system call sequence generated by the process in real time, can effectively supervise Privileged program activities and identifying abnor...

Images