%0 Journal Article
%T A Two-Layer Markov Chain Anomaly Detection Model [A Two-Layer Markov Chain Anomaly Intrusion Detection Model]
%A XU Ming
%A CHEN Chun
%A YING Jing
%A 徐明
%A 陈纯
%A 应晶
%J 软件学报
%D 2005
%I
%X On the basis of the current single-layer Markov chain anomaly detection model, this paper proposes a new two-layer model. Two distinctly different processes, the different requests and the system call sequence within the same request section, are classified as two layers and handled by separate Markov chains. The two-layer framework can depict the dynamic activity of the protected process more exactly than the single-layer framework, so the two-layer detection model can raise the detection rate and lower the false alarm rate. Furthermore, a detected anomaly is confined to the request section in which it occurs. The new detection model is suitable for privileged processes, especially those based on request-response.
%K Markov chain
%K system call
%K request
%K anomaly detection
%K intrusion detection
%U http://www.alljournals.cn/get_abstract_url.aspx?pcid=5B3AB970F71A803DEACDC0559115BFCF0A068CD97DD29835&cid=8240383F08CE46C8B05036380D75B607&jid=7735F413D429542E610B3D6AC0D5EC59&aid=DBEB8A7D959A10E0&yid=2DD7160C83D0ACED&vid=7801E6FC5AE9020C&iid=0B39A22176CE99FB&sid=44A4891E33BFF455&eid=B8F8200D88DDC7D6&journal_id=1000-9825&journal_name=软件学报&referenced_num=1&reference_num=18