摘要
随着网络规模日益扩大,网络安全事件层出不穷,传统的网络入侵检测方法已不能满足当前网络的发展态势。为解决传统入侵检测方法中误报率过高、检测率和检测效率低等问题,提出了一种基于马尔可夫决策过程的入侵检测模型。在入侵检测系统内,根据马尔可夫的基本要素建立马尔可夫决策过程,采用模糊层次分析法为用户设置信用度,完成对用户信用度体系和数据库的构建,通过检测引擎学习得到马尔可夫决策过程的最优策略。在最优策略求解中采用策略迭代方法,其核心思想是给定当前策略函数进行状态价值函数V的评估,对状态价值函数采用贪心算法来提高策略函数,使得未来的回报最大同时输出最优价值函数。最后为了验证该方法的有效性,将MDP-IDS模型与支持向量机模型进行对比,实验结果表明MDP-IDS模型能够提高入侵检测率和检测效率,降低系统误报率。
With the increasing scale of the network and the emergence of network security events,traditional network intrusion detection methods can no longer meet the current development trend of the network.In order to solve the problems of high false alarm rate,low detection rate and low detection efficiency in traditional network intrusion detection methods,we propose an intrusion detection model based on Markov decision process.In the intrusion detection system,the Markov decision process is established according to the basic elements of Markov,the fuzzy analytic hierarchy process is used to set the credit for the user,thus completing the user credit system and database,and the optimal strategy of Markov decision process is obtained through the detection engine learning.The strategy iteration method is used in the optimal strategy solution.The core idea is to evaluate the state value function V given the current strategy function.The greedy algorithm is used to improve the strategy function for the state value function,so that the future return is maximized and the optimal value function is output.Finally,in order to verify the effectiveness of the proposed method,the MDP-IDS model is compared with the support vector machine model.The experiment shows that the MDP-IDS model can improve the intrusion detection rate and detection efficiency,and reduce the system false alarm rate.
作者
董凯
赵旭
DONG Kai;ZHAO Xu(School of Computer Science,Xi’an Polytechnic University,Xi’an 710600,China)
出处
《计算机技术与发展》
2021年第5期131-136,共6页
Computer Technology and Development
基金
陕西省科技计划项目(2019KRM153)
西安市科技创新引导项目(201805030YD8CG14(8))。
关键词
马尔可夫决策过程
入侵检测
信用度
模糊层次分析法
贪心算法
Markov decision process
intrusion detection
credibility
fuzzy analytic hierarchy process
greedy algorithm
