A Network Intrusion Detection Method Based on Fusion of Markov Chain State Transfer Probability Matrix

Cited by: 30
Abstract: To address the problem of predicting network attacks on the Internet, a probabilistic-model-based network intrusion detection method (PNID) is proposed. It uses a Markov chain to build a probabilistic model of network system events in order to predict and detect network intrusions. First, K-means clustering is performed to define the network states. Then, based on the defined states, a hidden Markov model (HMM) comprising a state transition probability matrix and an initial probability distribution is constructed. Finally, the model is used to measure the anomaly degree of input data in real time. Experiments verify the feasibility of the method, and a comparison with two other methods shows that it achieves a higher correct detection rate and a lower false alarm rate for DDoS attacks. In addition, the method is robust to the HMM training data set and to the number of states.

Source: Control Engineering of China (《控制工程》), CSCD, Peking University Core Journal, 2017, No. 3, pp. 698-704 (7 pages)

Funding: Science and Technology Research Project of the Henan Provincial Department of Science and Technology (142102210226)

Keywords: intrusion detection system; hidden Markov model; Markov chain; DDoS attack; K-means clustering; probability transfer matrix