The Research of a Computer Immune System Based on System Call (基于系统调用的计算机免疫系统研究)

【Author】 Zhao Li (赵丽)

【Advisor】 Wang Fengxian (王凤先)

【Author information】 Hebei University, Computer Application Technology, 2004, Master's

【Abstract】 Drawing inspiration from nature and borrowing its own laws to solve the scientific problems people face has become a very new line of thinking in modern scientific research. Building on an understanding of how the biological immune system operates, and with reference to computer immune system research at home and abroad, this thesis proposes a computer immune system model based on system calls. The model borrows some characteristics of the biological immune system to distinguish "self" from "non-self" and then eliminate "non-self", and it provides a framework for adjusting the intensity of the system's own response. On this basis, an autonomous, self-adaptive information security protection system is constructed; through a dynamic analysis mechanism it monitors processes for anomalies in real time and raises alerts promptly, effectively compensating for the shortcomings of other static defense tools. The thesis presents a simple and practical method for collecting system call sequences and analyzes in detail the lookahead pairs method used in the analysis mechanism and the Markov chain method used in the sandbox host. These two methods are applied at different detection stages to improve the system's performance and detection efficiency. The implementation method of the model and part of its program flow are also given.

  • 【Online publication submitter】 Hebei University
  • 【Online publication year/issue】 2004, Issue 04
  • 【Classification number】 TP393.08
  • 【Times cited】 3
  • 【Downloads】 99