| 基于隐马尔可夫模型的入侵检测系统 |
| |
| 引用本文: | 杨新旭,王长山,王东琦,郑丽娜. 基于隐马尔可夫模型的入侵检测系统[J]. 计算机工程与应用, 2005, 41(12): 149-151 |
| |
| 作者姓名: | 杨新旭 王长山 王东琦 郑丽娜 |
| |
| 作者单位: | 西安电子科技大学计算机学院,西安,710071;南京邮电学院计算机科学与技术系,南京,210003 |
| |
| 摘 要: | 首先介绍了基于隐马尔可夫模型(HMM)的入侵检测系统(IDS)框架,然后建立了一个计算机系统运行状况的隐马尔可夫模型,最后通过实验论述了该系统的工作过程。通过仅仅考虑基于攻击域知识的特权流事件来缩短建模时间并提高性能,从而使系统更加高效。实验表明,用这种方法建模的系统在不影响检测率的情况下,比传统的用所有数据建模大大地节省了模型训练的时间,降低了误报率。因此,适合用于在计算机系统上进行实时检测。
|
| 关 键 词: | 入侵检测 隐马尔可夫模型(HMM) 特权流 |
| 文章编号: | 1002-8331-(2005)12-0149-03 |
An Intrusion Detection System Based on Hidden Markov Model |
| |
| Yang Xinxu,Wang Changshan,Wang Dongqi,Zheng Lina. An Intrusion Detection System Based on Hidden Markov Model[J]. Computer Engineering and Applications, 2005, 41(12): 149-151 |
| |
| Authors: | Yang Xinxu Wang Changshan Wang Dongqi Zheng Lina |
| |
| Affiliation: | Yang Xinxu1 Wang Changshan1 Wang Dongqi1 Zheng Lina21 |
| |
| Abstract: | The paper presents the framework of the Intrusion Detection System(IDS) based on hidden Markov model(HMM).Then,a hidden Markov model for the normal states of computer system is proposed.Finally,the work procedure of the proposed system is described by experiment.It proposes an effective IDS that improves the modeling time and performance with only considering the events of privilege flows based on the domain knowledge of attacks.Experimental results show that the proposed method requires significantly shorter time to train HMM without loss of detection rate and significantly reduces the false alarm rate than the other modeling method using all audit data.This method is not only useful in theory,but also can be used in practice to monitor the computer system in real time. |
| |
| Keywords: | intrusion detection Hidden Markov Model(HMM) privilege flow |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
