• 中国计算机学会会刊
  • 中国科技核心期刊
  • 中文核心期刊

J4 ›› 2007, Vol. 29 ›› Issue (8): 19-22.

• 论文 • 上一篇    下一篇

基于隐马尔可夫模型的攻击意图识别技术研究

孙一品 钟求喜 苏金树   

  • 出版日期:2007-08-01 发布日期:2010-06-02

  • Online:2007-08-01 Published:2010-06-02

摘要:

攻击意图识别是海量报警数据处理的重要技术。隐马尔可夫模型HMM能够很好地对复杂攻击行为建模,但对含干扰因素报警序列的攻击意图识别效果不够理想。本文为此提出 了改进方案,并根据攻击意图识别的特殊性定义了新的解码问题,设计了解码算法。

关键词: 入侵检测 攻击意图识别 隐马尔可夫模型 解码算法

Abstract:

Intention recognition is one of the most important approaches in handling the huge number of alerts, Althougn the Hidden Markov Models(HMM) describes complex Internet attacks well, it can not be applied directly in intention recognition because of its weak ability in distinguishing the disturbing alerts. The paper proposes a scheme to overcome the flaw. We redefine the decode problem of HMM according to the characteristics of intention recognition,and implement the decode algorithm too.

Key words: intrusion detection, intention recognition, HMM, decode algorithm