| 基于系统调用的混合HMM/MLP异常检测模型 |
| |
| 引用本文: | 郝莹,李蓬,田芳,杨苗. 基于系统调用的混合HMM/MLP异常检测模型[J]. 信息与控制, 2008, 37(2): 1-1 |
| |
| 作者姓名: | 郝莹 李蓬 田芳 杨苗 |
| |
| 作者单位: | 北京建筑工程学院电气与信息工程学院,北京,100044 |
| |
| 基金项目: | 北京市教委科技发展计划 |
| |
| 摘 要: | 首先描述了基于隐马尔可夫模型(HMM)的异常检测方法并指出其缺点.然后提出了一种将多层感知机(MLP)用作HMM的概率估计器的方法,以克服HMM方法的不足.最后建立了一个基于系统调用的混合HMM/MLP异常检测模型,并给出了该模型的训练和检测算法.实验结果表明,该混合系统的漏报率和误报率都低于HMM方法.
|
| 关 键 词: | 入侵检测 异常检测 隐马尔可夫模型(HMM) 神经网络 系统调用 多层感知机(MLP) |
| 文章编号: | 1002-0411(2008)02-0214-05 |
| 修稿时间: | 2007-03-02 |
A Hybrid HMM/MLP Anomaly Detection Model Based on System Calls |
| |
| HAO Ying,LI Peng,TIAN Fang,YANG Miao. A Hybrid HMM/MLP Anomaly Detection Model Based on System Calls[J]. Information and Control, 2008, 37(2): 1-1 |
| |
| Authors: | HAO Ying LI Peng TIAN Fang YANG Miao |
| |
| Affiliation: | HAO Ying,LI Peng,TIAN Fang,YANG Miao(School of Electrical & Information Engineering,Beijing University of Civil Engineering , Architecture,Beijing 100044,China) |
| |
| Abstract: | First,the anomaly detection method based on hidden Markov model(HMM) is described and its drawbacks are pointed out.Then,a method,which uses multilayer perceptron(MLP) as the probability estimator of hidden Markov model,is proposed to overcome the drawbacks of the HMM-based method.Finally,a new hybrid HMM/MLP anomaly detection model based on system calls is established,and its training and detection algorithms are presented.Experimental results show that the false negative rate and the false positive rate o... |
| |
| Keywords: | intrusion detection anomaly detection hidden Markov model(HMM) neural network system call multilayer perceptron |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《信息与控制》浏览原始摘要信息 |
|
点击此处可从《信息与控制》下载全文 |
