基于HMM和自组织映射的网络入侵检测算法

随着网络入侵多样化的发展,传统的防火墙、数据加密等防御方法已经很难保证系统和网络资源的安全,为此,设计了基于隐形马尔科夫模型HMM和自组织映射SOM的网络入侵检测方法.首先建立了自组织映射-HMM的双层入侵检测模型,采用样本数据训练SOM网,然后将测试数据输入SOM模型获得观察序列对应的攻击类别的后验概率,将此后验概率用于训练HMM模型获得概率初始分布和状态转移概率等各参数.最后,通过比较测试数据在各模型下发生概率的大小来获取对应的攻击类别.仿真实验表明本研究方法能有效实现网络入侵检测,较经典的HMM方法以及改进的神经网络方法,具有较高的检测率和较低的误报率,同时具有较少的检测时间.

Algorithm of Network Intrusion Detection Based on HMM and Self-organize Mapping Net

With the development of the network intrusion approaches, the traditional detection methods such as firewall and data encryption can not guarantee the security, therefore, the network intrusion method based on hidden Markov model and self organize mapping net were designed. Firstly, the double-layer model based on hidden Markov model and self organize mapping net was built, the SOM was trained by using the sample data, and the test data was input to the SOM model to get the posterior probability of the corresponding attacking classification, and the posterior probability was used to train the HMM model to get the parameters such as probability initial distribution and state transferring probability. Finally, the attack classification was obtained by comparing the probability under different models. The simulation experiment shows the method in this paper can realize network intrusion detection, and compared with the traditional HMM method and neural network methods, it has the higher detection rate and lower false alarm rate, and in the meantime with less detection time.