Research On Network Intrusion Detection Based On Maximum Entropy Markov Model

The rapid development of the network brings many security problems.Network intrusion detection,as an effective security protection measure,can guarantee the property and information security of netizens and countries to a great extent.Therefore,it is very important to establish an efficient and practical network intrusion detection system.This paper analyzes the current research situation of network intrusion detection,while comparing the existing network intrusion detection research methods and their features.We finds that most of the existing research methods only focus on the accuracy and the detection efficiency of intrusion detection.However,the recall rate and stability of the model are relatively shallow.In view of these problems,a network intrusion detection method based on the maximum entropy Markov model(MEMM)is proposed on the basis of the hidden Markov model(HMM).In order to improve the efficiency of intrusion detection,the Baum-Welch algorithm in the model training stage is improved.In the parameter estimation process of the traditional Baum-Welch algorithm,all the parameters are obtained by iteration,which consumes a great deal of time cost.In view of this problem,this paper proposes to optimize the process of solving parameters in Baum-Welch parameter estimation algorithm by using conditional entropy,and to shorten the time of parameter evaluation by replacing iterative calculation with probability formula calculation.The experimental results show that the training time of the model is shortened after the algorithm is improved.The results of comparison with other methods show that the MEMM model training time is less than that of other methods when the training data is small.In order to make the threshold definition more accurate and improve the recall rate and stability of the intrusion detection model,this paper extends the application of the Forward algorithm and applies it to the maximum entropy Markov model,called the MEMM-Forward algorithm.The improved Forward algorithm extends the application range of MEMM and has greatly improved in solving the problem of identification.The effectiveness of this method is verified by experimental evaluation.And compared with other related intrusion detection methods,the detection methods proposed in this paper have improved in the recall rate and stability.