Research on Technology of Intrusion Detection Based on Dynamic Markov Model (cited by: 9)
Abstract: This paper proposes an anomaly intrusion detection method based on a dynamic Markov model. Behavioral features are first extracted from privileged processes, and a Markov model is then constructed dynamically from those features. State probabilities are computed from the state sequences produced by the dynamic Markov model, and the probability of a state sequence is used to judge whether process behavior is normal or abnormal. Because the model is constructed dynamically, it fully captures the relationships among the local behavioral features of privileged processes, so the model is more precise and its detection capability is greatly strengthened even when the training data set is limited. Experiments show that the algorithm is highly accurate, works in real time, and uses few system resources. The proposed method is algorithmically simple and predicts accurately, and can be used in practice to monitor a computer system in real time.
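Source: Acta Electronica Sinica (《电子学报》), indexed in EI, CAS, CSCD and the Peking University Core Journals list; 2004, No. 11, pp. 1785-1788 (4 pages)
Funding: National Defense Pre-Research Project (No. 413150702); Harbin Engineering University Basic Research Fund (No. HEUF04084)
Keywords: intrusion detection; dynamic Markov model; information security; algorithms; Markov processes; mathematical models; probability; security of data; signal detection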