摘要
网络发展势头迅猛,网络安全问题成为当今互联网时代的重中之重.本文提出将隐马尔可夫模型应用到流量异常检测中,用统计学的方法来对流量进行分类.从网络层面着手,将数据包中提取到的一些像IP等的属性特征经处理后输入到隐马尔可夫模型(HMM)中进行分类,最后通过模型输出概率值来判断流量的正常异常类型.在模型训练阶段,我们创造性地使用条件熵来优化Baum-Welch参数估计算法,减少了模型的训练的时间.从实验结果和分析比较来看,本文提出的检测方法在检测准确率和效率上都取得了良好的效果.
With the rapid development of network,network security has become the top priority in the Internet era.In this paper,the hidden Markov model is proposed to be applied to traffic anomaly detection,which effectively combines statistics and traffic classification.Starting from the network level,some attribute features such as IP extracted from packets are processed and entered into the Hidden Markov model(HMM),and finally the normal anomaly types of traffic are judged by the probability value of the model output.In the stage of model training,we creatively used conditional entropy to optimize the Baum-Welch parameter estimation algorithm and reduced the training time of the model.From the experimental results and analysis comparison,the detection method proposed in this paper has achieved good results in detection accuracy and efficiency.
作者
肖林英
王怀彬
XIAO Lin-ying;WANG Huai-bin(School of Computer Science and Engineering,Tianjin University of Technology,Tianjin 300384,China)
出处
《天津理工大学学报》
2019年第5期18-22,28,共6页
Journal of Tianjin University of Technology
