Abstract: It is difficult to detect complicated network attacks effectively. The inherent characteristics of complicated network attacks are analyzed. A new HMM model for detecting sophisticated network attacks is proposed. The alarm event sequences from different network monitors are correlated and their inherent relationship is mined so as to detect complicated network attacks. Experimental results show that the model can recognize complicated network attacks effectively.

Key words: computer network, network attacks, Hidden Markov Model(HHM) model, intrusion detection

摘要： 针对检测复杂网络攻击的难度，剖析复杂网络攻击的本质特征，提出一种基于HMM的入侵检测模型，通过关联分析不同网络监视器产生的报警事件序列，挖掘这些报警事件的内在联系，进而检测复杂网络攻击。实验结果表明，该模型能有效地识别复杂网络攻击的类别。

关键词: 计算机网络, 网络攻击, 隐马尔可夫模型, 入侵检测

CLC Number: 

• TP309