%0 Journal Article
%T Research on Syscall-based Intrusion Detection Technology for Linux System
%A JIA Chun-fu
%A ZHONG An-ming
%A ZHOU Xia
%A TIAN Ran
%A DUAN Xue-tao
%J Application Research of Computers (计算机应用研究)
%D 2007
%I
%X A process-orientated intrusion detection method based on system calls for Linux systems was proposed: the LKM (Loadable Kernel Modules) technology running in kernel space was used to obtain the system calls of a process, and a Markov model based on maximum-likelihood syscall short sequences was used to describe the normal profile and to detect anomalies of a process. Experiments show good feasibility and validity of this scheme. Some key problems in implementing the scheme were discussed.
%K IDS
%K system call
%K LKM (loadable kernel modules)
%K maximum likelihood
%K Markov model
%K intrusion detection
%K loadable kernel module technology
%K system call short sequence
%K Linux
%K technology research
%K System
%K Technology
%K Intrusion
%K Detection
%K problem
%K analysis
%K validity
%K detection method
%K experiment
%K anomalous behavior
%K identification
%K behavioral characteristics
%K extraction
%K model
%K Markov
%K use
%U http://www.alljournals.cn/get_abstract_url.aspx?pcid=5B3AB970F71A803DEACDC0559115BFCF0A068CD97DD29835&cid=8240383F08CE46C8B05036380D75B607&jid=A9D9BE08CDC44144BE8B5685705D3AED&aid=EF4AD2E7BFCF0B3016CECF41EC74C7C0&yid=A732AF04DDA03BB3&vid=B91E8C6D6FE990DB&iid=E158A972A605785F&sid=2922B27A3177030F&eid=2DBBF45CC176713E&journal_id=1001-3695&journal_name=计算机应用研究&referenced_num=0&reference_num=10