The Research Of HMM Anomaly Detection Approach Based On Network

Intrusion detection technology is a important ingredient of computer securitytechnology. At present, misuse detection approach has been mature, but anomalydetection approach still to be at the research stage, so the research of anomalydetection approach become an important direction of the computer securitytechnology area.From the basic thought and concept of HMM, the article establishes the prototypeof HMM anomaly detection based on network. To resolve some problems which producedfrom the practical application environment, a improved means that partition theobserved object to several fields is proposed to improve the prototype, by whichwe establish the feasible HMM of anomalous detection based on network. The slidingwindow concept is introduced to solve the problem of excessively small probabilityvalue. In the model training aspect, the model training algorithm and the matrixB renewal algorithm was created.A model testing program that takes the fixed forehead of IP and TCP as the observedobject is produced. Some important results, which include the model trainingalgorithm, the matrix B renewal algorithm, the relation of forgotten factor R andmatrix B and the function of model anomaly detection, are confirmed by theexperimental results and the analysis of them.