
2014, Issue 4

Network Intrusion Detection Algorithm Based on HMM and Self-Organizing Map

Date: 2014-09-11


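LIANG Pan 1,2

(1. School of Communication and Information Engineering, University of Electronic Science and Technology of China, Chengdu 610054, Sichuan;

2. Aba Teachers College, a. Department of Electronic Information Engineering, b. Institute of Applied Physics, Wenchuan 623002, Sichuan)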

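Abstract: As network intrusions grow more diverse, traditional defenses such as firewalls and data encryption can no longer reliably protect system and network resources. To address this, a network intrusion detection method based on the hidden Markov model (HMM) and the self-organizing map (SOM) is designed. First, a two-layer SOM-HMM intrusion detection model is built and the SOM network is trained on sample data. Test data are then fed into the SOM model to obtain the posterior probabilities of the attack classes corresponding to the observation sequence, and these posterior probabilities are used to train the HMM models, yielding parameters such as the initial probability distribution and the state transition probabilities. Finally, the attack class is obtained by comparing the probability of the test data under each model. Simulation experiments show that the method detects network intrusions effectively and, compared with the classical HMM method and an improved neural network method, achieves a higher detection rate, a lower false alarm rate, and a shorter detection time.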

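Keywords: network intrusion detection; self-organizing map; hidden Markov model; state

CLC number: TP 393    Document code: A

Received: 2013-11-30

Funding: National Natural Science Foundation of China (61373163); Sichuan Provincial Department of Education project (13ZB0038).

About the author: LIANG Pan (born 1978), male, associate professor.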

Algorithm of Network Intrusion Detection Based on HMM and Self-organize Mapping Net

LIANG Pan 1,2

(1. School of Communication and Information Engineering, University of Electronic Science and Technology, Chengdu 610054, China;

2. a. Department of Electronic Information; b. Institute of Applied Physics, Aba Teachers College, Wenchuan 611741, China)

Abstract: As network intrusion approaches develop, traditional defenses such as firewalls and data encryption can no longer guarantee security. Therefore, a network intrusion detection method based on the hidden Markov model (HMM) and the self-organize mapping net (SOM) was designed. First, a double-layer model based on the hidden Markov model and the self-organize mapping net was built. The SOM was trained on sample data, the test data was input to the SOM model to obtain the posterior probability of the corresponding attack class, and this posterior probability was used to train the HMM model to obtain parameters such as the initial probability distribution and the state transition probabilities. Finally, the attack class was obtained by comparing the probability of the test data under the different models. The simulation experiment shows that the method can realize network intrusion detection and that, compared with the traditional HMM method and neural network methods, it has a higher detection rate, a lower false alarm rate, and a shorter detection time.

Key words: network intrusion detection; self-organize mapping net; hidden Markov model; state
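
The final step of the abstract, choosing the class whose HMM gives the test sequence the highest probability, is sketched below as an added example; it is not code from the paper. It assumes a simplification the abstract does not state: each feature vector is reduced to the index of its best-matching SOM unit, and that index is the HMM observation symbol. The codebook, the HMM parameters, the class names and the sample windows are all constructed, and training is not shown.

```python
import math

# Constructed SOM codebook: 3 trained units over 2 scaled features (assumed).
CODEBOOK = [(0.1, 0.1), (0.9, 0.2), (0.8, 0.9)]

# Constructed per-class HMMs: 2 hidden states, 3 symbols (one per SOM unit).
MODELS = {
    "normal": {"pi": [0.9, 0.1],
               "A": [[0.9, 0.1], [0.5, 0.5]],
               "B": [[0.90, 0.08, 0.02], [0.60, 0.30, 0.10]]},
    "attack": {"pi": [0.5, 0.5],
               "A": [[0.6, 0.4], [0.2, 0.8]],
               "B": [[0.20, 0.70, 0.10], [0.05, 0.35, 0.60]]},
}

def som_symbol(x):
    """Index of the best-matching SOM unit for feature vector x."""
    return min(range(len(CODEBOOK)), key=lambda i: math.dist(x, CODEBOOK[i]))

def log_likelihood(obs, pi, A, B):
    """Scaled forward algorithm: log P(obs | pi, A, B)."""
    n = len(pi)
    alpha = [pi[s] * B[s][obs[0]] for s in range(n)]
    total = 0.0
    for t in range(len(obs)):
        if t > 0:  # propagate through transitions, then weight by emission
            alpha = [sum(alpha[r] * A[r][s] for r in range(n)) * B[s][obs[t]]
                     for s in range(n)]
        scale = sum(alpha)
        if scale == 0.0:  # sequence impossible under this model
            return float("-inf")
        alpha = [a / scale for a in alpha]  # rescale to avoid underflow
        total += math.log(scale)
    return total

def classify(features):
    """Return (best class, per-class log-likelihoods) for a feature sequence."""
    obs = [som_symbol(x) for x in features]
    scores = {name: log_likelihood(obs, **m) for name, m in MODELS.items()}
    return max(scores, key=scores.get), scores

# Constructed sample windows of (connection rate, error rate) vectors.
QUIET = [(0.12, 0.08), (0.15, 0.10), (0.05, 0.20), (0.10, 0.12)]
BURST = [(0.85, 0.25), (0.90, 0.80), (0.75, 0.95), (0.80, 0.85)]

if __name__ == "__main__":
    for name, window in (("QUIET", QUIET), ("BURST", BURST)):
        print(name, classify(window))
```

Working in log space with per-step rescaling keeps long observation windows from underflowing to zero, which would otherwise make every class score identical.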

Copyright © 2011-2017 Journal of Qingdao University of Science and Technology (Natural Science Edition)