| Chi-square Distance在协议异常检测中的应用 |
| |
| 引用本文: | 秦拯,李娜,张大方,邹建军.Chi-square Distance在协议异常检测中的应用[J].湖南大学学报(自然科学版),2005,32(4):99-103. |
| |
| 作者姓名: | 秦拯 李娜 张大方 邹建军 |
| |
| 作者单位: | 湖南大学,软件学院,湖南,长沙,410082 |
| |
| 基金项目: | 国家自然科学基金资助项目(60273070);湖南省科技攻关项目(04GK3022);东莞市科研发展基金资助项目(2004018) |
| |
| 摘 要: | 针对Juan M提出的一种基于马尔可夫链的随机协议异常检测模型和评估方法存在的不足进行改进.改进后的模型增加了一些必要的状态,初始概率和转换概率更加精确.实验表明,将Chi—Square Distance和马尔可夫链方法相结合来检测协议异常,可克服原方法的不足,能有效检测到SYN Flooding攻击.
|
| 关 键 词: | 入侵检测 协议异常检测 马尔可夫链 马尔可夫过程 |
| 文章编号: | 1000-2472(2005)04-0099-05 |
| 收稿时间: | 2004-12-25 |
| 修稿时间: | 2004-12-25 |
Application of Chi-Square Distance to Protocol Anomaly Detection |
| |
| Qin Zheng;Li Na;Zhang DaFang;Zou JianJun.Application of Chi-Square Distance to Protocol Anomaly Detection[J].Journal of Hunan University(Naturnal Science),2005,32(4):99-103. |
| |
| Authors: | Qin Zheng;Li Na;Zhang DaFang;Zou JianJun |
| |
| Abstract: | We made some improvements on the stochastic protocol model presented by Juan M, which was based on Markov Chain. Some necessary states were added to the modified protocol model to make its initial and transition probabilities more precise. Moreover, we combined Chi-Square Distance into Markov Chain method in order to detect the protocol anomaly. The experimental results show that the modified model can efficiently detect SYN Flooding attacks, thus overcoming the shortage of the previous model. |
| |
| Keywords: | intrusion detection protocol anomaly detection Markov Chain Markov processes |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
| 点击此处可从《湖南大学学报(自然科学版)》浏览原始摘要信息 |
| 点击此处可从《湖南大学学报(自然科学版)》下载免费的PDF全文 |
