
Research Of Intrusion Detection System Based On Hidden Markov Model

Posted on: 2013-01-03
Degree: Master
Type: Thesis
Country: China
Candidate: Q Q Zhang
Full Text: PDF
GTID: 2248330362473321
Subject: Computer application technology
Abstract/Summary:
With the development of network technology, the network is becoming more and more important in our work and daily life, but as informatization advances, network security problems become more prominent and network security becomes more important by the day. Although conventional technology such as the firewall can defend against network viruses to some extent, it is insufficient for actively defending against some attacks. Intrusion detection technology therefore makes up for the deficiency of the traditional defense measures and is an important part of overall information security protection.

The paper is based on the system call, and its object of study is intrusion detection based on the hidden Markov model (HMM) of the system call. To solve the problem that the HMM is sensitive to its initial parameters, the paper optimizes the HMM using a genetic algorithm (GA) and works out an anomaly intrusion detection algorithm based on the GA combined with the HMM. The accuracy of the model is thereby improved, and lower false positives as well as a higher detection rate are achieved.

The research content mainly includes the following:

(1) The concept of intrusion detection, the system model and the different ways of classifying intrusion detection technology are introduced, and the classifications of intrusion detection technology are analyzed and compared.

(2) With system calls as the data source for intrusion detection, the HMM-based intrusion detection method is studied. The advantage of using system calls as the data source is analyzed, and then the concept of the HMM is introduced. The basic problems of the model are analyzed and summarized, and the feasibility of combining the model with intrusion detection is discussed. The working process of the intrusion detection method based on the hidden Markov model of the system call is also explained.

(3) The intrusion detection method based on the hidden Markov model of the system call is studied intensively, and then, based on the study of the traditional HMM's sensitivity to initial parameters, the feasibility of combining the genetic algorithm with the hidden Markov model is analyzed.

(4) The intrusion detection framework of the GA combined with the HMM is proposed. To improve the accuracy of the model, the optimal initial hidden Markov model is obtained by using the GA to optimize the initial parameters of the traditional HMM.

(5) The intrusion detection algorithm of the GA combined with the HMM is designed and implemented. First, the whole process of the algorithm and the establishment of the model are explained in detail. Then, in the initial module, the parameters of the genetic algorithm are determined and the initial parameter B is encoded; meanwhile the fitness function, crossover operator and genetic operator are designed and the control parameters of the algorithm are determined, after which the optimal initial value of the parameter is obtained by the software. The model training algorithm, the model detection algorithm and the design of the threshold are also explained in detail. Finally, experiments are carried out using the privileged-process system call sequences of the Computer College (computer science) of the New Mexico state university in the United States, and the test results of the intrusion detection algorithm are analyzed and summarized.

In the paper, the intrusion detection algorithm is designed by combining the genetic algorithm with the hidden Markov model, and the accuracy of the model is improved, so lower false positives and a higher anomaly detection rate are achieved.
Keywords/Search Tags: Network Security, Intrusion Detection, Hidden Markov Model, System Call, Genetic Algorithms