HMM模型在检测复杂网络攻击中的应用

计算机工程与应用 ›› 2008, Vol. 44 ›› Issue (7): 136-138.

HMM模型在检测复杂网络攻击中的应用

陶龙明,史志才,彭丹,马武

大连大学辽宁省智能信息处理重点实验室，辽宁大连 116622

收稿日期:2007-06-21 修回日期:2007-08-20 出版日期:2008-03-01 发布日期:2008-03-01
通讯作者: 陶龙明

Application of HMM to detecting sophisticated network attacks

TAO Long-ming,SHI Zhi-cai,PENG Dan,MA Wu

Liaoning Key Lab of Intelligent Information Processing，Dalian University，Dalian，Liaoning 116622，China

Received:2007-06-21 Revised:2007-08-20 Online:2008-03-01 Published:2008-03-01
Contact: TAO Long-ming

摘要/Abstract

摘要： 对于隐蔽性强、持续时间长且分步完成的复杂网络攻击，现有的入侵检测技术仍无法有效地进行识别。详细地分析了复杂网络攻击的特征，并在此基础上建立了复杂网络攻击的HMM检测模型。通过关联分析不同网络监视器的报警事件，产生用于HMM模型训练及检测的报警序列，这些报警序列本质上反映了攻击者的行为。实验结果表明，该模型能较好地检测复杂网络攻击。

Abstract: Sophisticated network attacks are well disguised，durative and multi-stage；it can not be detected effectively by current intrusion detection technology.The native properties of sophisticated network attacks have been analyzed thoroughly in this paper，and then a detection model of sophisticated network attacks based on HMM is built.According to properties of sophisticated network attacks，lots of alarm sequences used by HMM are produced from different monitors distributed in real network.Experiments show that this model is effective in detecting sophisticated network attacks.

陶龙明,史志才,彭丹,马武. HMM模型在检测复杂网络攻击中的应用[J]. 计算机工程与应用, 2008, 44(7): 136-138.

TAO Long-ming,SHI Zhi-cai,PENG Dan,MA Wu. Application of HMM to detecting sophisticated network attacks[J]. Computer Engineering and Applications, 2008, 44(7): 136-138.