计算机应用研究 2011
Novel anomaly intrusion detection algorithm based on frequent subgraph mining
Abstract:
Traditional anomaly intrusion detection methods have the limitation that their off-line learning process is overly dependent on the amount of training data. To overcome this, frequent subgraph mining theory is introduced. Combined with the unique derivative ability of the directed graph transformed from the system call sequence, it can obtain large quantities of derivative patterns from a relatively small scale of training data. Experimental results indicate that the extended pattern set can effectively increase the ability to detect unknown behavior. In addition, by considering both the local and global characteristics of the system call sequence, a reasonable method is proposed for constructing variable-length patterns.