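Affiliations: [1] Office of Scientific Research, Anyang Institute of Technology, Anyang, Henan 455000; [2] Personnel Office, Anyang Institute of Technology, Anyang, Henan 455000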
Source: Computer Measurement & Control (《计算机测量与控制》), 2014, No. 10, pp. 3406-3409 (4 pages)
Funding: National Natural Science Foundation of China (U1204613)
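Abstract: Traditional network intrusion detection methods suffer from low detection rates and cannot perform online detection. To address this, a network intrusion detection method based on node-growing Mahalanobis-distance K-means and HMM is designed. First, the block diagram of the intrusion detection system is given. Then, with Mahalanobis distance as the evaluation criterion, a K-means algorithm in which nodes grow adaptively according to a distance threshold is proposed to cluster the samples, yielding the posterior probability that each sample belongs to each attack type. These posterior probabilities are used to initialize the HMM parameters, namely the initial vector distribution, the state transition probabilities and the observation probabilities. The HMM is trained using the forward and backward evaluation criteria, giving the HMM detection models. A sample is input to each detection model, and the model with the highest probability determines its attack type. Simulation experiments show that the proposed method effectively performs network intrusion detection, with a high detection rate and low false detection and missed detection rates, and is an effective network intrusion detection method.

Abstract (English, as published): The traditional network intrusion detection method has a low detection rate and cannot detect on-line; therefore, a network intrusion detection method based on Mahalanobis distance and HMM is proposed. Firstly, the intrusion detection system framework is described. Then, using the Mahalanobis distance as the evaluating function, an improved K-means algorithm with the adaptive growth of nodes is introduced to get the clusters, so the posterior probability of samples belonging to the intrusion types is obtained, and it is used to initialize the distribution, state transferring probability and observation probability. The forward and backward evaluating rules are used to train the HMM; therefore, the HMM detection model is obtained, and the sample can be input to all the models, with the model with the biggest probability taken as the final attack type. The simulation experiment shows the method proposed in this paper can effectively realize intrusion detection; it not only has a higher detection rate but also has a lower error detection rate and loss detection rate, and it is an effective intrusion detection method.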
Classification: TP393 [Automation and Computer Technology - Computer Application Technology]