An approach of intrusion detection based on LZW algorithm is proposed. System call sequences are used as feature data. And the system call sequences are divided in the way of variable length and compressed by LZW algorithm before detecting. In application of LZW algorithm, it is adjusted to be adapted to division of variable length sequences. Bayesian Multivariate Adaptive Regression Spline (MARS) is used as classifier to identify the intrusion data. The experimental results show that LZW algorithm conforms to the inherent law of system call sequence. A good performance is achieved with a high compression ratio. The intrusion detection algorithm combining with LZW and Bayesian MARS algorithm performs steadily with various data, which is practicable and feasible.%提出了一种基于LZW算法的入侵检测算法.使用系统调用序列作为特征数据,采用LZW算法对系统调用序列数据进行变长短序列划分,同时对短序列进行压缩,并在应用的过程中对LZW算法进行适当调整以适应序列的划分.通过贝叶斯多元自适应回归样条(贝叶斯MARS)模型,对正常和异常序列进行分类并标识入侵.实验结果表明,基于LZW变长序列划分方法符合系统调用序列的内在规律,在较高压缩比的情况下,获得了很好的检测性能.LZW算法与贝叶斯MARS相结合的入侵检测算法,对各种数据表现稳定,具有一定可行性和实用性.
展开▼
