The methods are both based on data mining (DM) technique, and use sequence patterns to represent the normal behavior profile of a program according to the supports or confidences of the patterns in the training data.
英
美
- 这两种方法均利用数据挖掘技术中的序列模式描述一个程序的正常行为,根据序列的支持度(support)或可信度(confidence)在训练数据中提取正常序列,检测中通过序列比较对攻击行为进行识别。