Study Of Protocol Anomaly Detection Technology Based On HMM

With the development of the network technology and the expanding utilization of the technology, the network security problems become increasingly severe. A number of security technologies and mechanisms have been developed to enhance the security of computer network. Among the technologies, the protocol anomaly detection is a new technology of the anomaly detection. Compared with other traditional anomaly detection technologies, the protocol anomaly detection is more efficient and faster. So it can reduce the damage of network attack more effectively.Based on the deep analysis of architecture and detection technologies of existing IDS(Intrusion Detection System), a new protocol anomaly detection technology based on HMM(Hidden Markov Model) is introduced in this paper. And we have achieved the following results on our research:1. Introducing protocol analysis to the anomaly detection, it can build the normal behavior models more exactly than other anomaly detection technologies.2. Introducing HMM method to the anomaly detection, it has much more advantages than other methods when building models.3. Improving the traditional model estimation algorithm to make the model more practical.4. Putting forward an algorithm based on HMM which is applied to protocol anomaly detection. This algorithm has higher accurate rate, but requires smaller storage and it's simple to implement.5. Designing and implementing a protocol anomaly detection module based on HMM. And experiments demonstrated that the system could respond to anomaly protocol immediately and reasonably, concluded that the traffic which deviates from the normal model contained intrusion behaviors. So it has achieved the goal of our design.This paper first introduces the basic concept, general features and different classification of intrusion detection technology and HMM, then describes the protocol anomaly detection technology based on HMM in detail, which is the key content of this paper. Finally, the experimental result on the system is presented.