|
|||||
|
|
| 基于Improved-HMM的进程行为异常检测 | |
| 引用本文: | 党小超,马峻,郝占军.基于Improved-HMM的进程行为异常检测[J].计算机工程与设计,2011,32(4):1264-1267. |
| 作者姓名: | 党小超 马峻 郝占军 |
| 作者单位: | 1. 西北师范大学,网络教育学院,甘肃,兰州,730070 2. 西北师范大学,数学与信息科学学院,甘肃,兰州,730070 3. 西北师范大学,网络教育学院,甘肃,兰州,730070;西京学院,工程技术系,陕西,西安,710123 |
| 基金项目: | 甘肃省科技支撑计划基金 |
| 摘 要: | 针对传统隐马尔可夫模型(HMM)状态转移概率仅与前一状态有关的不足,提出了一种改进的隐马尔可夫模型(Im-proved-HMM),该模型考虑到状态转移概率与前两时刻状态相关,旨在提高异常检测准确率。用基于Improved-HMM的Baum-Welch(BW)算法对正常进程行为进行建模,并采用滑动窗口的方法,检测进程行为是否处于异常状态。实验结果表明,该模型的检测准确率高于传统的HMM模型,能及时、准确检测到进程行为的异常。 |
| 关 键 词: | 改进的隐马尔可夫模型 异常检测 系统调用序列 鲍姆-韦尔奇算法 滑动窗口 |
Anomaly detection of process behavior based on Improved-HMM |
|
| DANG Xiao-chao,MA Jun,HAO Zhan-jun.Anomaly detection of process behavior based on Improved-HMM[J].Computer Engineering and Design,2011,32(4):1264-1267. | |
| Authors: | DANG Xiao-chao MA Jun HAO Zhan-jun |
| Affiliation: | 2,3(1.College of Network Education,Northwest Normal University,Lanzhou 730070,China;2.College of Mathematics and Information Science,Northwest Normal University,Lanzhou 730070,China;3.Department of Engineering Technology,Xijing University,Xi’an 710123,China) |
| Abstract: | In the traditional hidden Markov model,there is the hypothesis that the state transition probability only depends on a previous state of the model.In fact,it is not reasonable.A new anomaly intrusion detection approach based on improved hidden Markov model(Improved-HMM) is proposed.The model takes into account the state transition probability of the previous two ones.The main purpose is to improve the accuracy of anomaly detection.According to the Improved-HMM with the BW-based algorithm,a model is establis... |
| Keywords: | improved-HMM anomaly detection system call sequence B-W algorithm sliding window |
| 本文献已被 CNKI 万方数据 等数据库收录! | |