%0 Journal Article
%T Overview of Anomaly Detection Based on Program
%A HUANG Jin-zhong
%A ZHU Miao-liang
%A 黄金钟
%A 朱淼良
%J 计算机科学
%D 2011
%I
%X In terms of the methods used to describe normal program behavior, program-based anomaly detection can be grouped into several broad categories: specification-based, frequency-based, control-flow-based, and data-flow-based. After systematically reviewing the basic ideas and the various models used in these approaches, discussing new advances in the technique, and pointing out and analyzing some problems and weaknesses in current research, this paper formulates the notion that program-based anomaly detection should focus its attention on various server programs. A system prototype based on the hierarchical structure of server programs' traces, and validated by a preliminary experiment, is briefly introduced. The prototype is capable of analyzing anomalous events and providing detailed information with respect to an intrusion, and these abilities are the trend for further research on anomaly detection.
%K Intrusion detection
%K Anomaly detection
%K Anomaly analysis
%K System call
%K Server programs
%K Structural pattern recognition
%U http://www.alljournals.cn/get_abstract_url.aspx?pcid=5B3AB970F71A803DEACDC0559115BFCF0A068CD97DD29835&cid=8240383F08CE46C8B05036380D75B607&jid=64A12D73428C8B8DBFB978D04DFEB3C1&aid=B64E2EF1739A75D5D0A2488113C509DC&yid=9377ED8094509821&vid=16D8618C6164A3ED&iid=B31275AF3241DB2D&sid=DF92D298D3FF1E6E&eid=91A4025B474692BB&journal_id=1002-137X&journal_name=计算机科学&referenced_num=0&reference_num=81