Computer Science ›› 2017, Vol. 44 ›› Issue (9): 136-141, 161.doi: 10.11896/j.issn.1002-137X.2017.09.027

Previous Articles     Next Articles

Network Anomaly Detection Model Based on Time-varying Weighted Markov Chain

WANG Xiao, QI Yong and LI Qian-mu   

  • Online:2018-11-13 Published:2018-11-13

Abstract: With the rapid development of the Internet,the network intrusion events are becoming more and more frequent,and the instruction detection is of great significance to the protection of network security.In view of the urgent demand of real-time instruction detection,a model of network instruction detection based on time-varying weighted Markov chain model was proposed in this paper.This model uses the combined state sequence to describe state transition.The log event generated by the DARPA2000 data set on the NT system was used as the experimental data to carry out simulation experiments,and the time-varying weighted Markov chain model were compared. The simulation results show that the model mentioned in this paper can be used for real-time instruction detection,which has high accuracy,strong robustness,and can effectively reduce the false detection rate.

Key words: Network security,Weighted Markov,Time varying model,Instruction detection

[1] LIANG Y J,XU L L,TANG W.CNCERT released the 2013 Internet network security Posture Review[J].China Information Security,2014,26(4):20.(in Chinese) 梁玉坚,徐玲玲,唐雯.CNCERT发布《2013年互联网网络安全态势综述》[J].中国信息安全,2014,26(4):20.
[2] National computer network emergency technology coordination center.Review of China’s Internet security situation in 2015 [J].Secrecy Science and Technology,2016(4):12-16.(in Chinese) 国家计算机网络应急技术处理协调中心.2015 年我国互联网网络安全态势综述[J].保密科学技术,2016(4):12-16.
[3] SAHA D,MUKHERJEE A.Pervasive Computing:A Paradigm for the 21st Century[J].Computer,2003,36(3):25-31.
[4] MARY M.Internet Trends 2016[EB/OL].[2016-09-28].http://www.kpcb.com/internet-trends.
[5] HUANG J Z,ZHU M L.Review of anomaly detection based on program [J].Computer Science,2011,38(6):7-13.(in Chinese) 黄金钟,朱淼良.基于程序的异常检测研究综述[J].计算机科学,2011,38(6):7-13.
[6] QING S H,JIANG J C,MA H T,et al.Survey of intrusion detection technology [J].Journal of Communication,2004,25(7):19-29.(in Chinese) 卿斯汉,蒋建春,马恒太,等.入侵检测技术研究综述[J].通信学报,2004,25(7):19-29.
[7] GOVINDARAJAN M,CHANDRASEKARAN R.Intrusion detection using neural based hybrid classification methods[J].Computer Networks,2011,55(8):1662-1671.
[8] GARC,A-TEODORO P,AZ-VERDEJO J,et al.Anomaly-based network intrusion detection:Techniques,systems and challenges[J].Computers & Security,2009,28(1/2):18-28.
[9] MOHAMMAD M N,SULAIMAN N,MUHSIN O A.A novel intrusion detection system by using intelligent data mining in weka environment[J].Procedia Computer Science,2011,3(1):1237-1242.
[10] AMBUSAIDI M A,HE X,NANDA P,et al.Building an intrusion detection system using a filter-based feature selection algorithm[J].IEEE Transactions on Computers,2016,65(10):2986-2998.
[11] BIERMANN E,CLOETE E,VENTER L M.A comparison ofIntrusion Detection systems[J].Computers & Security,2001,20(8):676-683.
[12] PALOMO E J,DOMNGUEZ E,LUQUE R M,et al.An Intrusion Detection System Based on Hierarchical Self-Organization[C]∥International Workshop on Computational Intelligence in Security for Information Systems(Cisis’08).Genova,Italy,October.DBLP,2008:139-146.
[13] HAN S J,CHO S B.Detecting intrusion with rule-based integration of multiple models[J].Computers & Security,2003,22(7):613-623.
[14] YANG Y H,HUANG H Z,SHEN Q N,et al.Intrusion detection based on incremental GHSOM neural network model[J].Journal of Computer Science,2014(5):1216-1224.(in Chinese) 杨雅辉,黄海珍,沈晴霓,等.基于增量式GHSOM神经网络模型的入侵检测研究[J].计算机学报,2014(5):1216-1224.
[15] CHEN X,TAO J,et al.Intrusion detection algorithm based on Bias game model in wireless networks [J].Journal of Communication,2010,31(2):107-112(in Chinese) 陈行,陶军,等.无线网络中基于贝叶斯博弈模型的入侵检测算法研究[J].通信学报,2010,31(2):107-112.
[16] WANG H,CHEN H Y,LIU S F,et al.Intrusion detection system based on improved naive Bayes algorithm [J].Computer Science,2014,41(4):111-115.(in Chinese) 王辉,陈泓予,刘淑芬,等.基于改进朴素贝叶斯算法的入侵检测系统[J].计算机科学,2014,41(4):111-115.
[17] DUAN X T,JIA C F,LIU C B.Detection method of hierarchical hidden Markov model and variable length semantic model based on Intrusion [J].Journal of Communication,2010,31(3):109-114.(in Chinese) 段雪涛,贾春福,刘春波.基于层次隐马尔科夫模型和变长语义模式的入侵检测方法[J].通信学报,2010,31(3):109-114.
[18] ZHANG Y,TAN X B,CUI X L,et al.Network security situation awareness method based on Markov game model [J].Chinese Journal of Software,2011,22(3):495-508.(in Chinese) 张勇,谭小彬,崔孝林,等.基于Markov博弈模型的网络安全态势感知方法[J].软件学报,2011,22(3):495-508.
[19] XI R R,YUN X C,ZHANG Y Z,et al.An improved quantitative evaluation method of network security situation [J].Chinese Journal of Computers,2015,38(4):749-758.(in Chinese) 席荣荣,云晓春,张永铮,等.一种改进的网络安全态势量化评估方法[J].计算机学报,2015,38(4):749-758.
[20] FENG X W,WANG D X,HUANG M H,et al.A method of causal knowledge mining based on Markov [J].Computer Research and Development,2014,51(11):2493-2504.(in Chinese) 冯学伟,王东霞,黄敏桓,等.一种基于马尔科夫性质的因果知识挖掘方法[J].计算机研究与发展,2014,51(11):2493-2504.
[21] DENG X Y,DENG Y,ZHANG Y J,et al.A Markov reliability model and application [J].Journal of Automation,2012,38 (4):666-672.(in Chinese) 邓鑫洋,邓勇,章雅娟,等.一种信度马尔科夫模型及应用[J].自动化学报,2012,38(4):666-672.
[22] LI F W,DENG W,ZHU J.A network security situation prediction mechanism based on complex network [J].Computer Application Research,2015,32(4):1141-1144.(in Chinese) 李方伟,邓武,朱江.一种基于复杂网络的网络安全态势预测机制[J].计算机应用研究,2015,32(4):1141-1144.
[23] DONG J.Research on improved HMM network security risk as-sessment method [D].Wuhan:Huazhong University of Science and Technology,2008.(in Chinese) 董静.改进的HMM网络安全风险评估方法研究[D].武汉:华中科技大学,2008.
[24] LEI J.Research on network security threat and situation assessment [D].Wuhan:Huazhong University of Science and Technology,2008.(in Chinese) 雷杰.网络安全威胁与态势评估方法研究[D].武汉:华中科技大学,2008.

No related articles found!
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
[1] LEI Li-hui and WANG Jing. Parallelization of LTL Model Checking Based on Possibility Measure[J]. Computer Science, 2018, 45(4): 71 -75, 88 .
[2] XIA Qing-xun and ZHUANG Yi. Remote Attestation Mechanism Based on Locality Principle[J]. Computer Science, 2018, 45(4): 148 -151, 162 .
[3] LI Bai-shen, LI Ling-zhi, SUN Yong and ZHU Yan-qin. Intranet Defense Algorithm Based on Pseudo Boosting Decision Tree[J]. Computer Science, 2018, 45(4): 157 -162 .
[4] WANG Huan, ZHANG Yun-feng and ZHANG Yan. Rapid Decision Method for Repairing Sequence Based on CFDs[J]. Computer Science, 2018, 45(3): 311 -316 .
[5] SUN Qi, JIN Yan, HE Kun and XU Ling-xuan. Hybrid Evolutionary Algorithm for Solving Mixed Capacitated General Routing Problem[J]. Computer Science, 2018, 45(4): 76 -82 .
[6] ZHANG Jia-nan and XIAO Ming-yu. Approximation Algorithm for Weighted Mixed Domination Problem[J]. Computer Science, 2018, 45(4): 83 -88 .
[7] WU Jian-hui, HUANG Zhong-xiang, LI Wu, WU Jian-hui, PENG Xin and ZHANG Sheng. Robustness Optimization of Sequence Decision in Urban Road Construction[J]. Computer Science, 2018, 45(4): 89 -93 .
[8] LIU Qin. Study on Data Quality Based on Constraint in Computer Forensics[J]. Computer Science, 2018, 45(4): 169 -172 .
[9] ZHONG Fei and YANG Bin. License Plate Detection Based on Principal Component Analysis Network[J]. Computer Science, 2018, 45(3): 268 -273 .
[10] SHI Wen-jun, WU Ji-gang and LUO Yu-chun. Fast and Efficient Scheduling Algorithms for Mobile Cloud Offloading[J]. Computer Science, 2018, 45(4): 94 -99, 116 .