| 1. | These hooks are the interface to collect auditing information and manage auditing record
这些钩子是用于收集审计信息、操作审计记录的接口。 |
| 2. | Classfication rules are inductively learned from audit records and used as intrusion detection models
该方法是从原始审计记录中归纳学习分类规则并利用这些规则建立入侵检测模型。 |
| 3. | When the air became poisonous , the canary would collapse , hopefully giving the miners enough time to notice and escape
审计记录包含有关登录、命令执行、文件访问这样的信息。另外, acm可以运行诊断测试。 |
| 4. | Secondly , based on the new auditing hooks in kernel , the design and implementation of an auditing module are presented , and several key problems are discussed
第二,论述了审计模块的设计与实现,就审计记录结构、审计规则等关键问题进行了阐述。 |
| 5. | According to current research status , auditing system need to be improved in four aspects : the effect to kernel , auditing content , security of audit and the management of auditing record files
综合现在的研究状况来看,现有的审计系统主要有四个方面需要改进:审计系统对内核的影响、审计的内容、审计的安全、审计记录文件的处理。 |
| 6. | The big shortcoming of current ids is unable to detect intrusion behavior quickly when facing large amount of audit data , unable to detect new type of attacks , and high false positive rate which influence greatly the performance of ids
当前ids的最大弱点是面对海量的审计记录无法快速检测入侵行为,并且误报率之高严重影响了系统性能。 |
| 7. | On the other hand , this system does not analyze the huge daily record and network record completely , but defines the suspicious intrusion mark , and collect corresponding auditing when this kind of mark appears
另一方面,本方案不对庞大的日志信息和网络连接记录进行完全性分析,而是定义可疑的入侵标记,当出现这种标记时才进行相应的审计记录收集。 |
| 8. | Based on the detailed and comprehensive study on data mining based intrusion detection techniques , naids apply the association rule and classification techniques into detecting intrusion behavior among network audit record from a new perspective
在对既有基于数据挖掘方法的入侵检测技术进行全面分析的基础上, naids从一个新的角度将关联规则和分类技术应用到网络审计记录数据中以检测攻击行为。 |
| 9. | Using this method , raw audit data is first preprocessed into records with a set of basic features . data mining algorithms are then applied to compute the frequent patterns from records , whitch are automatically analyzed to generate an additional set of features for intrusion detection purposes
本方法中,首先把原始审计记录处理成包含基本特征的连接记录,然后应用数据挖掘算法计算连接记录中的频繁模式,并从频繁模式中自动生成入侵检测的附加特征。 |
| 10. | With the problem that is difficult to find and analyze the target objects due to no sufficient recorded information and loose relativity among records in traditional audit - log model of databases , the changed information of object value are added into the audit log , and a session - tree is used to indicate the relations between operations and sessions
摘要针对传统审计记录模型中由于记录信息不充分、各条记录相关性不强而产生的定位和分析目标比较困难的问题,在审计日志中增加对客体对象值变化信息的记录;在审计日志记录方式上用树记录会话过程以表示相关操作和会话的关联性。 |
