Abstract
This paper proposes a protocol anomaly detection model based on conditional random fields (CRF). The method treats the packets in a connection as the observation sequence and uses two features of that sequence: the quantized flag bits of the packet header and the frequency with which the flags occur within the connection. The experimental results verify the accuracy of the resulting model. Compared with a detection method based on the hidden Markov model, the proposed method scores higher on every evaluation metric.
Authors
赵静
谷鹏飞
何亚南
延霞
ZHAO Jing; GU Pengfei; HE Yanan; YAN Xia (School of Computer Sciences, Shenzhen Institute of Information Technology, Shenzhen, Guangdong 518172, P.R. China; State Key Laboratory of Nuclear Power Safety Monitoring Technology and Equipment, China Guangdong Nuclear Engineering Co., Ltd., Shenzhen, Guangdong 518000, P.R. China)
Source
Journal of Shenzhen Institute of Information Technology (《深圳信息职业技术学院学报》)
2018, Issue 2, pp. 50-55 (6 pages)
Funding
Shenzhen Institute of Information Technology horizontal (externally commissioned) research project (HX-173)
Keywords
conditional random fields
intrusion detection
protocol anomaly detection