Improvement of Protocol Anomaly Detection Based on Markov Chain and Its Application

机译：基于马尔可夫链的协议异常检测的改进及其应用

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

As we know, a lot of network attacks come from abusing different network protocols and several new attacks violate the protocol standard. Kumar Das first presented the concept of the protocol anomaly detection. The idea of protocol anomaly detection is not new but interesting. It aims to set up models for proper use of protocols and any behavior that departs from the models will be regarded as an intrusive or suspicious one. In this paper, we made some improvements that aim at the lack of stochastic protocol models based on Markov Chain and made some evaluations for that presented by Juan M. Some necessary states are added to the protocol model. Furthermore, the initial and transition probabilities are more precise. Also, we propose to combine Chi-Square Distance into Markov Chain method to detect protocol anomaly. The experimental results show that SYN Flooding attack can be detected efficiently by the new approach.

机译：众所周知，许多网络攻击来自滥用不同的网络协议，还有几种新的攻击违反了协议标准。 Kumar Das首先提出了协议异常检测的概念。协议异常检测的想法并不是新事物而是有趣的。它旨在建立适当使用协议的模型，任何偏离模型的行为都将被视为侵入性或可疑的行为。在本文中，我们针对缺少基于Markov Chain的随机协议模型进行了一些改进，并对Juan M提出的模型进行了一些评估。在协议模型中添加了一些必要的状态。此外，初始概率和过渡概率更为精确。此外，我们建议将卡方距离结合到马尔可夫链方法中以检测协议异常。实验结果表明，新方法可以有效地检测到SYN Flooding攻击。

著录项

来源
《ISPA 2005 International Workshops : AEPP, ASTD, BIOS, GCIC, IADS, MASN, SGCA, and WISA; 20051102-05; NanJing(CN)》|2005年|P.387-396|共10页
会议地点 NanJing(CN)
作者
Zheng Qin; Na Li; Da-fang Zhang; Nai-Zheng Bian;
展开▼
作者单位

College of Software, Hunan University, 410082, ChangSha, China;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类一般性问题;
关键词
intrusion detection; protocol anomaly detection; markov chain; chi-square distance; DARPA evaluation dataset;

机译：入侵检测；协议异常检测；马尔可夫链；卡方距离； DARPA评估数据集;

相似文献

外文文献
中文文献
专利

1. Adaptive Anomaly Detection in the Behavior of Computer Systems Users on the Basis of Markov Chains of Variable Order. Part Ⅱ. Anomaly Detection Methods and Experimental Results [J] . N.N. KUSSUL, A.M. SOKOLOV Journal of automation and information sciences . 2003,第5a8期

机译：基于变阶马尔可夫链的计算机系统用户行为中的自适应异常检测。第二部分。异常检测方法和实验结果
2. Adaptive Anomaly Detection of Computer System User's Behavior Applying Markovian Chains with Variable Memory Length. Part Ⅰ. Adaptive Model of Markovian Chains with Variable Memory Length [J] . N.N. KUSSUL, A.M. SOKOLOV Journal of automation and information sciences . 2003,第5a8期

机译：应用可变内存长度的马尔可夫链对计算机系统用户行为进行自适应异常检测。第一部分。变长记忆马尔可夫链的自适应模型
3. Anomaly Detection of User Behavior Based on Shell Commands and Homogeneous Markov Chains [J] . TIAN Xinguang, DUAN Miyi, LI Wenfa, 电子学报：英文版 . 2008,第002期

机译：基于Shell命令和齐次马尔可夫链的用户行为异常检测
4. Anomaly detection boundary based on the moving averages of Markov chain model [C] . Deqiang Chen International Conference on Natural Computation;International Conference on Fuzzy Systems and Knowledge Discovery . 2015

机译：基于马尔可夫链模型移动平均值的异常检测边界
5. Sequential change-point analysis of Markov chains with application to fast detection of epidemic trends. [D] . Yu, Xian. 2010

机译：马尔可夫链的顺序变化点分析及其在快速检测流行趋势中的应用。
6. Collective Anomalies Detection for Sensing Series of Spacecraft Telemetry with the Fusion of Probability Prediction and Markov Chain Model [O] . Jingyue Pang, Datong Liu, Yu Peng, 2019

机译：概率预测与马尔可夫链模型融合的航天器遥测传感系列集体异常检测
7. An efficient hidden markov model training scheme for anomaly intrusion detection of server applications based on system calls [O] . X. D. Hoang, J. Hu 2013

机译：一种基于系统调用的服务器应用程序异常入侵检测的有效隐马尔可夫模型训练方案

Improvement of Protocol Anomaly Detection Based on Markov Chain and Its Application

摘要

著录项

相似文献

相关主题

期刊订阅