Abstract
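To address the problem of reasoning under uncertainty in intrusion detection, this article proposes an intrusion detection method based on a bipartite graph model and Bayesian networks. The method uses a directed bipartite graph model to represent the causal topology between intrusions and their related feature attributes, obtains the model's probability parameters from training data, and finally applies the most probable explanation (MPE) to perform inference on the transformed reasoning problem, improving detection efficiency by limiting the number of intrusions that occur simultaneously. Experiments show that the method achieves a high detection rate and good robustness.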
Aiming at the uncertain reasoning problem in intrusion detection, we propose an approach based on the directed bipartite graph and the Bayesian network. The method uses the directed bipartite graph to represent the causal relationship between intrusions and event alarms, and then obtains the probability parameters of the Bayesian network by learning from the training set. Finally, it uses the most probable explanation (MPE) to perform inference on the transformed reasoning problem. To improve detection efficiency, we limit the number of intrusions occurring at the same time to below a specified number. Experiments show that our method has a high detection rate and very good robustness.
Source
《信息网络安全》 (Netinfo Security)
2012, Issue 8, pp. 108-111 (4 pages)
Keywords
intrusion detection
bipartite graph
Bayesian network