| 计算机系统入侵检测的隐马尔可夫模型 |
| |
| 引用本文: | 谭小彬,王卫平,奚宏生,殷保群.计算机系统入侵检测的隐马尔可夫模型[J].计算机研究与发展,2003,40(2):245-250. |
| |
| 作者姓名: | 谭小彬 王卫平 奚宏生 殷保群 |
| |
| 作者单位: | 1. 中国科学技术大学自动化系,合肥,230027
2. 中国科学技术大学商学院,合肥,230026 |
| |
| 基金项目: | 国家自然科学基金 (60 2 740 12 ) |
| |
| 摘 要: | 入侵检测技术作为计算机安全技术的一个重要组成部分,现在受到越来越广泛的关注,首先建立了一个计算机系统运行状况的隐马尔可夫模型(HMM),然后在此模型的基础上提出了一个用于计算机系统实时异常检测的算法,以及该模型的训练算法。这个算法的优点是准确率高,算法简单,占用的存储空间很小,适合用于在计算机系统上进行实时检测。
|
| 关 键 词: | 计算机系统 入侵检测 隐马尔可夫模型 异常检测 隐马尔可夫模型 信息安全 计算机安全 |
A Hidden Markov Model Used in Intrusion Detection |
| |
| TAN Xiao Bin ,WANG Wei Ping ,XI Hong Sheng ,and YIN Bao Qun.A Hidden Markov Model Used in Intrusion Detection[J].Journal of Computer Research and Development,2003,40(2):245-250. |
| |
| Authors: | TAN Xiao Bin WANG Wei Ping XI Hong Sheng and YIN Bao Qun |
| |
| Affiliation: | TAN Xiao Bin 1,WANG Wei Ping 2,XI Hong Sheng 1,and YIN Bao Qun 1 1 |
| |
| Abstract: | As the key component of computer security technique, intrusion detection has received more and more attention. In this paper, an overview of research in anomaly detection is presented with emphasis on issues related to found a hidden Markov model (HMM) for the normal states of computer system, and an algorithm of anomaly detection is brought forward. The probability of observed sequence is computed and the average probability of a fixed length sequence is used as the metric of anomaly detection. To improve accuracy, an update algorithm for this hidden Markov model is also presented based on the forgetting factor. This method is not only useful in theory, but also can be used in practice to monitor the computer system in real time. |
| |
| Keywords: | intrusion detection anomaly detection hidden Markov model (HMM) |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
