To address the shortcomings of the signature-based detection and single-point, fragmentary blocking used by traditional anti-virus software, a desktop abnormal-behavior blocking model based on an adaptive sliding window is proposed. Taking a multi-order consistency-index iterative detection algorithm as its basis, the model analyzes and detects Windows kernel system-call sequences. It designs an adaptive blocking mechanism with a sliding window, proposes two indicators of a process's security state, normal density and abnormal density, and uses them to decide when the sliding-window step size should be corrected. Network entropy theory is used to determine the magnitude of that step-size correction. Experiments show that, unlike the behavior-blocking approach of anti-virus software, the model discovers and tracks intrusion behavior earlier, and that, compared with a fixed-window blocking model, the average blocking time is cut by nearly half.
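The abstract describes the mechanism only at a high level, so the following added example (not the paper's code) sketches its moving parts on a constructed system-call trace: a window slides over the sequence, each window gets a normal density and an abnormal density, a drop in normal density is the trigger for correcting the step, and an entropy measure sets how much the step shrinks. Everything specific here is an assumption: a benign n-gram profile stands in for the paper's multi-order consistency-index detector, Shannon entropy of the window's syscall frequencies stands in for its network-entropy measure, and the thresholds, window size, syscall names and traces are all made up for illustration. The `adapt=False` path runs the same monitor with a fixed step so the two blocking offsets can be compared.

```python
"""Illustrative sliding-window blocking over a constructed system-call trace.

Added example, not code from the paper. The detector (a benign n-gram profile),
the entropy measure, the thresholds and the traces are all assumptions.
"""
from collections import Counter
import math


def ngrams(seq, n=3):
    """Return the consecutive n-grams of a syscall sequence as tuples."""
    return [tuple(seq[i:i + n]) for i in range(len(seq) - n + 1)]


def build_profile(benign_trace, n=3):
    """Assumed stand-in for the paper's detector: the set of n-grams seen in
    benign traces. An n-gram outside this set is treated as abnormal."""
    return set(ngrams(benign_trace, n))


def window_densities(window, profile, n=3):
    """Normal and abnormal density of one window: the fraction of its
    n-grams inside / outside the benign profile."""
    grams = ngrams(window, n)
    if not grams:
        return 0.0, 0.0
    abnormal = sum(1 for g in grams if g not in profile)
    return (len(grams) - abnormal) / len(grams), abnormal / len(grams)


def normalized_entropy(window):
    """Shannon entropy of the window's syscall frequencies, scaled to [0, 1].
    Used here as an assumed stand-in for the paper's network-entropy measure."""
    counts = Counter(window)
    if len(counts) < 2:
        return 0.0
    total = len(window)
    h = -sum(c / total * math.log2(c / total) for c in counts.values())
    return h / math.log2(len(counts))


def corrected_step(base_step, window):
    """Magnitude of the step correction: the more disordered the window,
    the smaller the step, so the suspicious region is examined more closely."""
    return max(1, round(base_step * (1.0 - normalized_entropy(window))))


def run_monitor(trace, profile, window_size=6, base_step=3,
                block_threshold=0.75, normal_floor=0.75, adapt=True):
    """Slide a window over the trace and report where blocking would occur.

    Timing of the correction: a window whose normal density falls below
    normal_floor while showing some abnormal n-grams triggers a step change.
    With adapt=False the step is fixed, modelling a fixed-window blocker.
    """
    i, step, step_trace = 0, base_step, []
    while i + window_size <= len(trace):
        window = trace[i:i + window_size]
        nd, ad = window_densities(window, profile)
        if ad >= block_threshold:
            return {"blocked_at": i, "abnormal_density": ad, "step_trace": step_trace}
        if adapt and ad > 0.0 and nd < normal_floor:
            step = corrected_step(base_step, window)
        else:
            step = base_step
        step_trace.append((i, step))
        i += step
    return {"blocked_at": None, "abnormal_density": 0.0, "step_trace": step_trace}


# Constructed traces, not captured from a real system.
BENIGN = ["open", "read", "read", "close"] * 5
PROFILE = build_profile(BENIGN)
# A benign prefix followed by a burst of calls absent from the benign profile.
SUSPECT = (["open", "read", "read", "close"] * 3
           + ["open", "write", "write", "exec", "socket", "connect"])


if __name__ == "__main__":
    print("adaptive:", run_monitor(SUSPECT, PROFILE))
    print("fixed:   ", run_monitor(SUSPECT, PROFILE, adapt=False))
    print("benign:  ", run_monitor(BENIGN, PROFILE))
```

On the constructed trace the adaptive monitor shrinks its step to 1 as soon as the window at offset 9 turns mixed (normal density 0.5) and blocks at offset 10, while the fixed-step run only blocks at offset 12; that gap is the kind of earlier blocking the abstract reports, though the numbers here come from the toy parameters, not from the paper's experiments.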