| 基于改进遗传算法和隐Markov模型的协议异常检测方法 |
| |
| 引用本文: | 邱卫. 基于改进遗传算法和隐Markov模型的协议异常检测方法[J]. 计算机应用研究, 2016, 33(4) |
| |
| 作者姓名: | 邱卫 |
| |
| 作者单位: | 解放军信息工程大学 |
| |
| 基金项目: | 国家高技术研究发展计划(863计划);国家重点基础研究发展计划(973计划) |
| |
| 摘 要: | 针对现有基于隐Markov模型的协议异常检测方法中存在的训练样本不足问题和初始参数敏感问题,提出一种基于改进遗传算法和隐Markov模型的协议异常检测新方法。首先,采用局部竞争选择策略、算术交叉算子和自适应非均匀变异算子改进遗传算法,避免传统遗传算法在收敛过程中的“早熟”和“停滞”问题;然后,利用改进的遗传算法优化隐Markov模型的初始参数,解决模型对初始参数敏感的问题;最后,以协议关键词和关键词时间间隔作为训练观测值,细粒度的描述协议行为,扩大模型的训练样本空间。在DARPA 1999数据集上的实验结果表明,该方法具有很高的检测率和较低的误报率。
|
| 关 键 词: | 入侵检测 协议异常 遗传算法 隐Markov模型 参数优化 |
| 收稿时间: | 2015-04-07 |
| 修稿时间: | 2015-05-25 |
A protocol anomaly detection method based on improved Genetic algorithms and hidden Markov model |
| |
| Affiliation: | PLA Information Engineering University |
| |
| Abstract: | As to solve the issues of insufficient training data and initial parameters sensitive in existing protocol anomaly detection based on hidden Markov model, presenting a new protocol anomaly detection method based on improved genetic algorithm and hidden Markov model. First, the local competitive selection strategy, arithmetic crossover and adaptive non-uniform mutation operator were used to improve the genetic algorithm, in order to avoid the "premature" and "stagnation" problem in traditional genetic algorithm; then, the improved genetic algorithm was recommended to optimize the initial parameters of hidden Markov model to avoid the initial model parameters sensitive issue; and finally, the keyword and keyword interval were taken as training observations, describe the behavior of protocol details to expand the training sample space. Experimental results on DARPA 1999 data set show that the method has a high detection rate and low false alarm rate. |
| |
| Keywords: | Intrusion detection protocol anomaly genetic algorithm hidden Markov model parameter optimization |
|
| 点击此处可从《计算机应用研究》浏览原始摘要信息 |
|
点击此处可从《计算机应用研究》下载全文 |
|
