To address the problems of insufficient training data and sensitivity to initial parameters in existing protocol anomaly detection based on the hidden Markov model, this paper presents a new protocol anomaly detection method based on an improved genetic algorithm and the hidden Markov model. First, it uses a local competitive selection strategy, an arithmetic crossover operator and an adaptive non-uniform mutation operator to improve the genetic algorithm, in order to avoid the premature convergence and stagnation problems of the traditional genetic algorithm. Then, it uses the improved genetic algorithm to optimize the initial parameters of the hidden Markov model, to avoid the model's sensitivity to its initial parameters. Finally, it takes protocol keywords and the time intervals between keywords as training observations, describing protocol behavior at a fine granularity and expanding the training sample space. Experimental results on the DARPA 1999 data set show that the method has a higher detection rate and a low false alarm rate.
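The following sketch is an added example, not the paper's code: it evolves the initial parameters of a small discrete hidden Markov model with arithmetic crossover and a non-uniform mutation, using observations built from keywords and keyword intervals. The keyword set, interval cut-off, sample sessions, population settings, binary tournament (standing in for the paper's local competitive selection) and the Michalewicz-style mutation step are all assumptions.

```python
import math, random

KEYWORDS = ["USER", "PASS", "RETR", "QUIT"]  # constructed FTP-like keyword set

def encode(session, cut=1.0):
    # (keyword, seconds since previous keyword) -> one symbol per keyword/interval bucket
    return [KEYWORDS.index(k) * 2 + (1 if dt > cut else 0) for k, dt in session]

TRAIN = [encode([("USER", 0.1), ("PASS", 0.4), ("RETR", 2.0), ("QUIT", 0.3)])] * 5  # constructed

def loglik(model, obs):
    # Scaled forward algorithm: log P(obs | model); the detector thresholds loglik / len(obs)
    pi, A, B = model; n = len(pi)
    alpha = [pi[i] * B[i][obs[0]] for i in range(n)]
    ll = 0.0
    for t in range(len(obs)):
        if t:
            alpha = [sum(alpha[i] * A[i][j] for i in range(n)) * B[j][obs[t]] for j in range(n)]
        s = sum(alpha) or 1e-300
        ll += math.log(s); alpha = [a / s for a in alpha]
    return ll

def rand_row(rng, k):
    r = [rng.random() + 1e-3 for _ in range(k)]
    return [x / sum(r) for x in r]

def as_model(ind, n):
    # An individual is a list of stochastic rows: pi, then n rows of A, then n rows of B
    return ind[0], ind[1:n + 1], ind[n + 1:]

def crossover(rng, p, q):
    # Arithmetic crossover: a convex combination keeps every row summing to 1
    lam = rng.random()
    return [[lam * a + (1 - lam) * b for a, b in zip(rp, rq)] for rp, rq in zip(p, q)]

def mutate(rng, ind, g, gens, rate=0.2, b=2.0):
    # Non-uniform mutation: the step toward 1 shrinks as g approaches gens, then rows are renormalised
    step = lambda x: x + (1 - x) * (1 - rng.random() ** ((1 - g / gens) ** b))
    rows = [[step(x) if rng.random() < rate else x for x in row] for row in ind]
    return [[x / sum(r) for x in r] for r in rows]

def evolve(data, n=2, m=8, pop=20, gens=30, seed=1):
    rng = random.Random(seed)
    fit = lambda ind: sum(loglik(as_model(ind, n), o) for o in data)
    P = [[rand_row(rng, n) for _ in range(n + 1)] + [rand_row(rng, m) for _ in range(n)] for _ in range(pop)]
    hist = []
    for g in range(gens):
        P.sort(key=fit, reverse=True); hist.append(fit(P[0]))
        pick = lambda: max(rng.sample(P, 2), key=fit)  # binary tournament (assumed selection scheme)
        P = [P[0]] + [mutate(rng, crossover(rng, pick(), pick()), g, gens) for _ in range(pop - 1)]
    best = max(P, key=fit)
    return as_model(best, n), hist + [fit(best)]
```

The model returned by `evolve(TRAIN)` is a starting point for ordinary HMM training, and the second return value is the best fitness per generation, which never decreases because the best individual is always carried over.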