摘要
传统网络资源行为检测方法无法准确确定资源行为的符号观测,导致检测效果较差,整体检测严重受限。为此,提出一种新的基于隐马尔科夫模型的公共资源滥用行为检测方法。构建隐马尔科夫模型,通过数据分析,确定当前观测符号序列,利用Windows操作系统信息为蓝本进行行为检测。建立敏感文件信息集,并使其分布在系统敏感文件夹中。在此基础上确定当前隐马尔科夫模型参数。计算对应序列概率差值,根据当前公共资源网络信息安全要求,设定实际阈值,确定资源滥用行为。仿真实验结果表明,该监测方法真实有效,具有较高的推广和应用价值。
The traditional network resource behavior detection method can not accurately determine the symbol observation of resource behavior,resulting in poor detection effect and severe limitation of overall detection.Therefore,a new detection method of public resource abuse based on hidden markov model is proposed.The hidden markov model is constructed to determine the current observation symbol sequence through data analysis.And the behavior detection is based on the information of Windows operating system.A set of sensitive file information is constructed and distributed it in system sensitive folders.On this basis,the current hidden markov model parameters are determined.The probability difference value of corresponding sequence is calculated,and the actual threshold value is set to determine the resource abuse behavior according to the current information security requirements of public resource network.The simulation results show that the monitoring method is reallistic and effective,and has higher generalization and application performance.
作者
冯喆
侯霄昱
陈彦霖
FENG Zhe;HOU Xiaoyu;CHEN Yanlin(School of Computer Engineering,Coventry University Coventry,Coventry CV15FB,England;Division of Integrated Planning,Tianjin Tobacco Monopoly Bureau,Tianjin 300041,China;School of Management,Tianjin Normal University,Tianjin 300387,China;Ptirty Construction Section,Tianjin NO.1 Urban District Tobacco Monopoly Bureau,Tianjin 300050,China;Department of Arts and Sciences,Guangdong Institute,Zhanjiang 524400,China)
出处
《吉林大学学报(信息科学版)》
CAS
2020年第3期335-340,共6页
Journal of Jilin University(Information Science Edition)
基金
广东文理职业学院2017年“创新强校工程”品牌专业基金资助项目(GWL201703004)。
关键词
公共资源
网络行为
训练参数
public resources
network behavior
training parameters
