The naive Bayes algorithm in intrusion detection have the problem of high internal dependence and the data "broken" in decision tree, in order to solve the problem, this paper combines the advantages of section in decision tree and multi-evidence fusion in naive Bayes, uses the Windows Native APIs related data as data sources, using the Native APIs sequence produced by key process, construct the process service predicting model based on the Bayesian tree algorithm, and uses U-test method as the anomaly detection algorithm. The experimental results show that the model can effectively detect abnormal host, and the time complexity is lower, is suitable for online detection.
展开▼
