Computer Science ›› 2017, Vol. 44 ›› Issue (9): 136-141. doi: 10.11896/j.issn.1002-137X.2017.09.027

• Information Security •

Network Anomaly Detection Model Based on Time-varying Weighted Markov Chain

WANG Xiao (王笑), QI Yong (戚湧), LI Qian-mu (李千目)

  1. School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094, China (all three authors)
  • Online: 2018-11-13   Published: 2018-11-13
  • Funding:
    Supported by the National Natural Science Foundation of China (61272419), the CERNET Next Generation Internet Innovation Project (NGII20160122) and the ZTE Industry-Academia-Research Cooperation Forum Project (2016ZTE04-11).

Abstract: With the rapid growth of the Internet, network intrusion events are becoming more and more frequent, and intrusion detection is of great significance to network security. To meet the demand for real-time intrusion detection, this paper proposes a network anomaly detection model based on a time-varying weighted Markov chain, in which state transitions are described by a combined state transition probability matrix. The event logs produced by replaying the DARPA 2000 data set on a Windows NT system are used as experimental data to validate the model, and the model is compared with an ordinary time-varying weighted Markov chain model. The simulation results show that the proposed model can perform real-time intrusion detection with high accuracy and strong robustness, and that it effectively reduces both the false-alarm rate and the missed-detection rate.

Key words: Network security, Weighted Markov chain, Time-varying model, Intrusion detection
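The abstract describes the detector only at a high level: a transition probability matrix is estimated from event-log state sequences, several such matrices are combined with time-varying weights, and a sequence is flagged when its transitions are improbable under the combined matrix. The following Python is an added example written for this page; it is not the authors' code, and the paper's actual weighting scheme, smoothing and thresholding are not given on this page, so the exponential decay over windows, the additive smoothing, the "other" catch-all state and the max-score-times-margin threshold are all assumptions of this example. The event sequences are constructed, not taken from DARPA 2000.

```python
import math
from collections import Counter

# Event-log "states": symbolic event types. Anything not listed maps to OTHER so an
# event ID never seen in training cannot crash the scorer (it simply scores badly).
OTHER = "other"
STATES = ("logon", "open", "read", "write", "close", "logoff",
          "priv_change", "proc_create", OTHER)

# Constructed training data (not DARPA 2000): three consecutive time windows of
# normal activity whose behaviour drifts slightly from oldest to newest.
WINDOW_OLD = ["logon", "open", "read", "close", "logoff"] * 20
WINDOW_MID = ["logon", "open", "read", "write", "close", "logoff"] * 20
WINDOW_NEW = ["logon", "open", "write", "close", "open", "read", "close", "logoff"] * 20

# Constructed test sequences: one that follows the recent profile, one that does not.
BENIGN = ["logon", "open", "write", "close", "logoff"]
SUSPICIOUS = ["logon", "priv_change", "proc_create", "proc_create", "open", "write", "logoff"]


def canon(seq):
    """Map raw event names onto the model's state alphabet."""
    return [e if e in STATES else OTHER for e in seq]


def transition_matrix(seq, alpha=0.1):
    """Smoothed maximum-likelihood estimate P[a][b] = Pr(next = b | current = a).
    Additive smoothing (alpha, an assumed value) keeps every transition strictly
    positive: an unseen transition is penalised heavily but never yields log(0)."""
    seq = canon(seq)
    counts = {s: Counter() for s in STATES}
    for a, b in zip(seq, seq[1:]):
        counts[a][b] += 1
    P = {}
    for a in STATES:
        total = sum(counts[a].values()) + alpha * len(STATES)
        P[a] = {b: (counts[a][b] + alpha) / total for b in STATES}
    return P


def combined_matrix(windows, decay=0.5, alpha=0.1):
    """Time-varying weighted combination (assumed scheme): per-window matrices are
    averaged with exponentially decaying weights (newest window 1, then decay,
    decay**2, ...), normalised so every row of the result still sums to 1."""
    mats = [transition_matrix(w, alpha) for w in windows]
    weights = [decay ** (len(windows) - 1 - k) for k in range(len(windows))]
    z = sum(weights)
    P = {a: {b: 0.0 for b in STATES} for a in STATES}
    for w, M in zip(weights, mats):
        for a in STATES:
            for b in STATES:
                P[a][b] += (w / z) * M[a][b]
    return P


def anomaly_score(seq, P):
    """Mean negative log-likelihood per transition; higher means less expected.
    A sequence with fewer than two events has no transitions and scores 0."""
    seq = canon(seq)
    pairs = list(zip(seq, seq[1:]))
    if not pairs:
        return 0.0
    return -sum(math.log(P[a][b]) for a, b in pairs) / len(pairs)


def calibrate_threshold(reference, P, width=5, margin=1.5):
    """Threshold = margin times the worst score seen on sliding windows of
    known-normal data, so ordinary variation inside the profile does not alert."""
    scores = [anomaly_score(reference[i:i + width], P)
              for i in range(len(reference) - width + 1)]
    return margin * max(scores)


def is_anomalous(seq, P, threshold):
    return anomaly_score(seq, P) > threshold


if __name__ == "__main__":
    P = combined_matrix([WINDOW_OLD, WINDOW_MID, WINDOW_NEW])
    thr = calibrate_threshold(WINDOW_NEW, P)
    for name, s in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(f"{name}: score={anomaly_score(s, P):.3f} "
              f"threshold={thr:.3f} alert={is_anomalous(s, P, thr)}")
```

The decay weighting is what makes the model "time-varying": the transition open→write is almost absent in the oldest window but common in the newest, so the combined matrix rates it far more likely than an equally weighted average would, and the benign sequence scores well below the threshold while the privilege-change chain scores far above it. In practice the threshold should be recalibrated whenever the combined matrix is rebuilt, since the score scale shifts with the training profile.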
