
A New Method for Anomaly Detection of User Behaviors Based on Hidden Markov Models (cited by: 20)

Published English title: Method for anomaly detection of user behaviors based on hidden Markov models
Abstract: A method for anomaly detection of user behaviors is presented for host-based intrusion detection systems that use shell commands as audit data. Compared with the method proposed by Lane T, it changes how user behavior patterns and behavior profiles are represented: specific hidden Markov models (HMMs) are constructed to represent each user's behavior profile, and they are trained by a sequence matching algorithm that is computationally much simpler than the classical Baum-Welch algorithm. The monitored user's behavior is judged by a decision rule based on the occurrence probabilities of short state sequences, with the particularity of the states taken into account. Simulation results show that the method achieves high detection accuracy and is practical to operate.
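The abstract describes the decision step only in outline: a per-user profile over shell command sequences, and a verdict based on the probability of short state sequences. The block below is an added illustration, not the paper's HMM construction or its sequence-matching trainer. It assumes a simplified, fully observable stand-in (one state per distinct command, so the model degenerates to a smoothed Markov chain over commands; the `UNK` catch-all state, the add-alpha smoothing, the quantile-calibrated threshold and the `CommandChainProfile` class are all assumptions, as is the constructed training and test data) and shows how a session is scored by the fraction of its short command windows whose probability falls below a threshold learned from the user's own history.

```python
"""
Added illustration of sequence-probability anomaly detection over shell
command audit data. Not the paper's HMM or training algorithm: one state per
distinct command (assumption), so the "HMM" is a Markov chain over commands.
"""
import math
from collections import Counter

UNK = "<UNK>"  # hypothetical catch-all state for commands unseen in training

# Constructed training data: one list per login session, command names only
# (arguments stripped), as a host-based IDS would extract from shell history.
TRAIN_SESSIONS = [
    ["cd", "ls", "vi", "make", "ls", "make", "ls", "cd"],
    ["cd", "ls", "vi", "make", "make", "ls", "cd"],
    ["ls", "vi", "vi", "make", "ls", "cd"],
    ["cd", "ls", "cat", "vi", "make", "ls", "cd"],
    ["cd", "ls", "grep", "cat", "vi", "make", "ls"],
]


class CommandChainProfile:
    """Behavior profile of one user: smoothed transition probabilities between
    consecutive commands plus a threshold on window log-probability that is
    calibrated on the user's own training windows."""

    def __init__(self, sessions, window=3, alpha=1.0, train_quantile=0.05):
        self.window = window
        self.alpha = alpha
        self.bigram = Counter()    # (a, b) -> how often b followed a
        self.outgoing = Counter()  # a -> number of transitions leaving a
        self.vocab = {UNK}
        for s in sessions:
            self.vocab.update(s)
            for a, b in zip(s, s[1:]):
                self.bigram[(a, b)] += 1
                self.outgoing[a] += 1
        # Calibrate: the threshold is the train_quantile point of the training
        # windows' log-probabilities, so nearly all of the user's own windows pass.
        train_lp = sorted(self.window_logprob(w)
                          for s in sessions for w in self.windows(s))
        self.threshold = train_lp[int(train_quantile * (len(train_lp) - 1))]

    def _state(self, cmd):
        return cmd if cmd in self.vocab else UNK

    def trans_prob(self, a, b):
        """Add-alpha smoothed P(b | a); commands unseen in training map to UNK."""
        a, b = self._state(a), self._state(b)
        return (self.bigram[(a, b)] + self.alpha) / (
            self.outgoing[a] + self.alpha * len(self.vocab))

    def windows(self, session):
        """All contiguous command windows of length self.window."""
        return [session[i:i + self.window]
                for i in range(len(session) - self.window + 1)]

    def window_logprob(self, win):
        """Log-probability of a short command sequence given its first command."""
        return sum(math.log(self.trans_prob(a, b)) for a, b in zip(win, win[1:]))

    def score_session(self, session):
        """Fraction of the session's windows that fall below the threshold."""
        wins = self.windows(session)
        if not wins:
            return 0.0
        low = sum(self.window_logprob(w) < self.threshold for w in wins)
        return low / len(wins)

    def is_anomalous(self, session, max_low_fraction=0.5):
        """Decision rule: flag the session if too many of its windows are unlikely."""
        return self.score_session(session) > max_low_fraction


def demo():
    profile = CommandChainProfile(TRAIN_SESSIONS)
    normal = ["cd", "ls", "vi", "make", "ls", "cd"]
    # Constructed masquerader session: unseen tools plus repetitive known commands.
    suspicious = ["wget", "chmod", "nc", "ls", "ls", "ls", "crontab", "rm"]
    return profile, profile.score_session(normal), profile.score_session(suspicious)


if __name__ == "__main__":
    p, s_norm, s_susp = demo()
    print(f"threshold={p.threshold:.3f} normal={s_norm:.2f} suspicious={s_susp:.2f}")
```

Two design points carry over to a real deployment: unseen commands must be mapped to a shared state rather than given probability zero, or a single new tool would make the whole window score minus infinity; and the threshold should be calibrated on held-out data for the same user, since a threshold chosen on the training windows themselves understates the false-alarm rate.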
Source: Journal on Communications (通信学报), 2007, No. 4, pp. 38-43 (6 pages). Indexed in EI, CSCD and the Peking University core journal list.
Funding: National High-Tech Research and Development Program of China (863 Program), grant 863-307-7-5.
Keywords: intrusion detection; anomaly detection; behavior pattern; hidden Markov model
References (9)

  • 1. Lane T. Machine Learning Techniques for the Computer Security Domain of Anomaly Detection [D]. Purdue University, 2000.
  • 2. Lee W, Dong X. Information-theoretic measures for anomaly detection. Proceedings of the 2001 IEEE Symposium on Security and Privacy, Oakland, USA, 2001: 130-134.
  • 3. Lane T, Brodley C E. Temporal sequence learning and data reduction for anomaly detection. ACM Transactions on Information and System Security, 1999, 2(3): 295-331.
  • 4. Warrender C, Forrest S, Pearlmutter B. Detecting intrusions using system calls: alternative data models. Proceedings of the 1999 IEEE Symposium on Security and Privacy, Berkeley, USA: IEEE Computer Society, 1999: 133-145.
  • 5. Lane T, Brodley C E. An application of machine learning to anomaly detection. Proceedings of the 20th National Information Systems Security Conference, Baltimore, USA, 1997: 366-377.
  • 6. 孙宏伟, 田新广, 李学春, 张尔扬. An improved anomaly detection model for IDS. 计算机学报 (Chinese Journal of Computers), 2003, 26(11): 1450-1455. (cited by: 21)
  • 7. 连一峰, 戴英侠, 王航. Anomaly detection of user behaviors based on pattern mining. 计算机学报 (Chinese Journal of Computers), 2002, 25(3): 325-330. (cited by: 84)
  • 8. 田新广, 高立志, 李学春, 张尔扬. A new HMM-based anomaly detection method for IDS. 信号处理 (Signal Processing), 2003, 19(5): 420-424. (cited by: 6)
  • 9. 田新广, 高立志, 张尔扬. New machine-learning-based intrusion detection methods. 通信学报 (Journal on Communications), 2006, 27(6): 108-114. (cited by: 15)


Citation statistics: co-cited references 104; co-citing references 215; citing articles 20; second-level citing articles 194.
