Abstract
Malicious behavior detection is a method for identifying an agent's purpose by observing and analyzing its actions over a series of behaviors. To eliminate the influence of the complexity and misleading nature of agent behavior, a plan recognition method is constructed on the basis of the hidden Markov model, and the relationships between multiple agents' behaviors are analyzed comprehensively to infer the purpose of the behavior. This paper proposes the overall framework of a malicious behavior detection model, briefly describes a feature abstraction method for complex data, and then proposes a plan recognition method implemented with a hidden Markov model, which uses the relationship between observable nodes and hidden nodes for analysis and prediction. An experimental example is designed using UNIX system logs to verify the effectiveness of the method. The experimental results show that, when attack features are extracted reasonably, the method has good learning and detection performance for malicious operations.
Authors
任新东
胡广朋
REN Xindong; HU Guangpeng (School of Computer, Jiangsu University of Science and Technology, Zhenjiang 212003)
Source
《计算机与数字工程》 (Computer & Digital Engineering)
2022, Issue 2, pp. 373-376, 382 (5 pages in total)
Keywords
plan recognition
behavior detection
network security protection
hidden Markov model