Analyzing the performance of program behavior profiling for intrusion detection

机译：分析用于入侵检测的程序行为分析的性能

获取原文

获取原文并翻译 | 示例

获取外文期刊封面目录资料

页面导航

摘要
著录项
引文网络
相似文献
相关主题

摘要

This paper presents an analysis of a sikple equality matching algorithm that detects intrusions against systems by profiling the behavior of programs. The premise for this work is that abnormally behaving programs are a primary indicator of computer intrusions. The analysis uses data coolected by the Air Force Research Laboratory and provided by the MIT Lincoln Laboratory under the 1998 DARPA Intrusion Detection Evaluation program. labeled attack sessions are embedded in normal background traffic so that the analysis can measure the probability of detection simultaneously with the probability of false alarm. The analysis uses Receiver Operator Characteristic (ROC) curves to show the performance of the system in terms of the probability of false alarm and probability of detection for different operating points.

机译：本文介绍了一种通过分析程序行为来检测针对系统的入侵的等式相等匹配算法。这项工作的前提是行为异常的程序是计算机入侵的主要指标。该分析使用了空军研究实验室提供的数据，并由麻省理工学院林肯实验室根据1998 DARPA入侵检测评估计划提供。带有标签的攻击会话被嵌入到正常的后台流量中，因此分析可以同时测量检测到的概率和错误警报的概率。该分析使用接收器操作员特征（ROC）曲线来显示系统的性能，包括错误警报的概率和针对不同工作点的检测概率。

著录项

来源
《IFIP TC11 WG11.3 Thirteenth Working Conference on Database Security July 25-28, 1999, Seattle, Washington, USA》|1999年|p.19-32|共14页
会议地点 Seattle WA(US)
作者
Anup K. Ghosh; Aron Schwartzbard;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类自动化技术、计算机技术;
关键词
Anomalous noise; anomaly detection; equality matching; intrusion detection; Ngram; performance evaluation; ROC curve;

机译：异常噪音；异常检测；相等匹配；入侵检测; Ngram;绩效评估； ROC曲线;

相似文献

外文文献
中文文献
专利

1. Profiling program behavior for anomaly intrusion detection based on the transition and frequency property of computer audit data [J] . Wei Wang, Xiaohong Guan, Xiangliang Zhang, Computers & Security . 2006,第7期

机译：基于计算机审核数据的跃迁和频率特性的异常入侵检测的程序分析行为
2. Analyzing and evaluating dynamics in stide performance for intrusion detection [J] . Zhuowei Li, Amitabha Das Knowledge-Based Systems . 2006,第7期

机译：分析和评估入侵检测的动态性能动态
3. Improving Anomalous Rare Attack Detection Rate for Intrusion Detection System Using Support Vector Machine and Genetic Programming [J] . Pozi Muhammad Syafiq Mohd, Sulaiman Md Nasir, Mustapha Norwati, Neural processing letters . 2016,第2期

机译：利用支持向量机和遗传程序提高入侵检测系统的异常稀有攻击检测率
4. Analyzing the performance of program behavior profiling for intrusion detection [C] . Anup K. Ghosh, Aron Schwartzbard IFIP TC11 WG11.3 working conference on database security . 2000

机译：分析入侵检测方案行为分析的性能
5. Methods for analyzing of rankings and network intrusion detection . [D] . Kidwell, Paul. 2009

机译：排名和网络入侵检测的分析方法。
6. Using Instructional Design Analyze Design Develop Implement and Evaluate to Develop e-Learning Modules to Disseminate Supported Employment for Community Behavioral Health Treatment Programs in New York State [O] . Sapana R. Patel, Paul J. Margolies, Nancy H. Covell, 2018

机译：使用教学设计分析设计开发实施和评估开发电子学习模块以推广纽约州社区行为健康治疗计划的受支持就业机会
7. Decision-making is the process of analyzing information about a problem situation and comparing it to a specific conclusion in order to solve a specific problematic (Yıkılmaz, 2001; Miller and Byrnes, 2001). Decision-making styles are a mechanism that is influenced by the internal and external conditions that determine the direction of the decisions of the individual, the content of the decision-making process, and the outcome of the decision-making process (Payne, Bettman and Johson, 1993; Bavol’ár and Orosová, 2015). ACT is a contemporary member of the Cognitive Behavioral Therapy family. ACT (Acceptance and commitment therapy) has both similar and different directions with Behavioral Therapies and Cognitive Therapies (Herbet and Forman, 2011; Hayes, 2004). KKT responds to classical behavioral treatments using both existential and cognitive approaches in the analysis of behavior. KKT is a science wing that tries to solve human problems with a wider perspective aimed at solving problematic human behaviors (Plumb, Stewart, Dahl and Lundgren, 2009). It is seen that there is very little research about the new approach of ACT approach when the aiming country of our country is screened and it is thought that our country will contribute to the field of psychological counseling with the work done. In the scope of the research, experimental and control groups and preliminary test, post-test and follow-up measurements of 2x3 experimental design were used. The study's study group consists of a total of 24 (12 experimental and 12 control groups) university students studying in different departments and levels, continuing their education in the academic year of 2015-2016 in Ağrı province and İbrahim Chechen University in 2015-2016 academic year. The average age of participants in the experiment and control group is 20. There were 12 participants in the experimental group, 7 female and 5 male, and 12 participants, 7 female and 5 male in the control group. Personal Information Form and Decision Making Style Scale prepared by the researcher were used in the research. In order to decide on the tests to be used in the course of analyzing the data, the scores of the participant's Decision Styles Scale pre-test, which are placed primarily in the experimental and control groups, it was analyzed whether the basic expectations of parametric tests were answered. As a result of the analysis made, the scores, skewness and kurtosis coefficients obtained from the Decision Making Styles Scale were given to the experimental and control groups. It was determined that the distribution was normal in the result of Shapiro-Wilk test, in which the skewness and kurtosis coefficients of each sub-scale were ranked between -1 and +1. Participants in the experimental and control groups; homogeneity test results for decision-style pre-test measurements indicate that the data are homogeneous. According to the results of the Mauchly Globalness Test, it has been determined that working supports the hypothesis. It was determined that there was no significant difference between the pre-test scores obtained from dependent decision-making style of experiment and control groups, but the test group showed lower mean scores at the significant level within the scores of post-test and follow-up tests. Therefore, it can be said that the ACT-oriented psychoeducation program applied to the experimental group reduces the dependent decision-making style scores from the decision style sub-dimensions and the psychoeducation program has a lasting effect. It was determined that there was no significant difference between pre-test, post-test and follow-up scores obtained from the Spontaneous-Instant Decision Style of experiment and control groups. Thus, it can be said that this situation does not cause a significant difference in the Spontaneous-Decision-Making Style scores from the decision style sub-dimensions of the ACT-oriented psychoeducation program applied to the experimental group. The ACT -oriented psychoeducation program had a decline in the intuitive decision-making styles of the individuals, but this decrease did not create significant differences. Thus, it can be said that this situation does not make a meaningful difference in the intuitive decision style scores from the decision style sub-dimensions of the KKT oriented psychoeducation program applied to the experimental group. The pre-test scores obtained from the rational decision-making style of the experimental and control groups showed that there was a difference between the post-test and the follow-up scores, but this difference was not significant. As a result of the analysis, it was determined that the test group had higher levels of rational decision style than the pre - test scores in the post test and follow - up scores, whereas the post test and follow - up test scores in the control group rational decision style showed a decrease compared to the pre - test scores. the pre - test scores. Decision-making Styles Scale Avoidant Decision Making As a result of the analysis of the mean scores of the subscale scores of pre-test, post-test and follow-up measures, the group effect was found to be insignificant. It was determined that the experimental and control groups differed significantly from the pre-test scores obtained from the avoidant decision-making style but did not show any significant change within the scores of the post-test and follow-up tests. [O] . mustafa ercengiz, ali haydar şar 2018

机译：决策是分析有关问题情况的信息并将其与特定结论进行比较的过程，以解决特定的问题（Yıkılmaz，2001; Miller和Byrnes，2001）。决策风格是一种机制，受到内部和外部条件的影响，确定个人决定的方向，决策过程的内容以及决策过程的结果（PAYNE，BETTMAN和BEDNE） Johson，1993;Bavol'ár和奥萨洛瓦，2015）。法案是认知行为治疗家庭的当代成员。行为（验收和承诺治疗）具有与行为疗法和认知疗法的类似和不同方向（Herbet和Forman，2011; Hayes，2004）。 KKT在分析行为中使用存在性和认知方法来响应古典行为治疗方法。 KKT是一个科学翼，试图解决人类问题，旨在解决有问题的人类行为（铅垂，斯图尔特，Dahl和Lundgren，2009）。有人认为，当我们国家的瞄准国家进行筛选时，有关行动方法的新方法几乎没有研究，并且认为我们的国家将为完成工作做出贡献的心理咨询领域。在研究的范围内，使用实验和对照组和初步测试，使用后测试和后续测量的2x3实验设计。该研究的研究小组包括共24名（12个实验和12个对照组）大学学生在不同的部门和水平上学习，在2015-2016学术上继续进行2015-2016的学术年度2015-2016学年年。实验和对照组参与者的平均年龄是20.实验组中有12名参与者，7名女性和5名男性，12名参与者，7名女性和5名男性。研究人员准备的个人信息表格和决策制定风格规模在研究中使用。为了决定在分析数据的过程中使用的测试，参与者的决策风格刻度预测的分数主要在实验和对照组中进行，分析了参数的基本期望吗？测试得到了回答。由于对实验和对照组给出了从决策曲调标度获得的分数，偏移和峰度分子系数。确定该分布是正常的在成熟的-WILK试验结果中，其中每亚级的偏差和刚度系数在-1到+1之间排名。实验和对照组的参与者;决策式预测测量的同质性测试结果表明数据是均匀的。根据毛毛环保试验的结果，已确定工作支持假设。据确定，从依赖决策风格的实验和对照组获得的预测分数之间没有显着差异，但测试组在测试后的分数内显示出较低的平均分数和后续的分数 - 测试。因此，可以说，应用于实验组的面向活动的心理教育程序减少了决策风格子维度的依赖决策风格分数，并且心理教育程序具有持久的效果。据确定，从实验和对照组自发决策风格获得的预测试，测试后和后续评分之间没有显着差异。因此，可以说这种情况不会导致从应用于实验组的活动导向的心理教育程序的决策风格分数的自发决策风格分数显着差异。行为的心理教育计划在个人直观的决策风格下降，但这种减少并没有产生显着的差异。因此，可以说，这种情况不会在从应用于实验组的KKT导向的心理教育程序的决策风格分数中产生有意义的决策风格分数。从实验和对照组的理性决策风格获得的预测分数显示后检验后和随访评分之间存在差异，但这种差异并不重要。由于分析，确定测试组的理性决策风格较高，而不是后测试和后续分数的预测分数，而对照组合理决策风格的后测试和后续测试分数显示出与预测试分数相比的减少。预测分数。决策款式扩展避免决策由于分析了预测试，测试后和后续措施的班次评分的平均分数，发现群体效应是微不足道的。确定实验和对照组从避免决策风格获得的预测评分中显着不同，但在测试后和后续测试的分数内没有显示出任何重大变化。

Analyzing the performance of program behavior profiling for intrusion detection

摘要

著录项

引文网络

相似文献

相关主题

期刊订阅