| Today, the Internet has become an indispensable part of people's daily lives as computer networks have developed rapidly; at the same time, network security draws more and more attention. At present, there are many network protection technologies, for example firewalls, access control, and data encryption. But all of these are static defensive tools, which cannot fully assure the security of the network or resist attacks by hackers. Against this background, the Intrusion Detection System has become a new direction, one that can actively and dynamically provide security protection and make up for the limitations of traditional network security technologies. The Hidden Markov Model (HMM) has many excellent features, for instance its mature algorithms, high efficiency, and ease of training, so it is applied extensively in many fields, such as speech recognition. The HMM can reduce the false-positive rate and increase the detection rate in anomaly intrusion detection. This paper analyzes the utility of system call information in intrusion detection, and then presents a new method for anomaly detection based on system call sequences and the HMM. The system call sequences of normal processes are modeled using an HMM, which is improved by reducing the detection range. Algorithms for anomaly detection with this HMM, including the average probability algorithm and the probability match algorithm, are put forward. Experiments show that the algorithms are more accurate and simpler than stide. The algorithms are not only useful in theory, but can also be used in practice to monitor a computer system in real time. |