The parameter optimization based on LVPSO algorithm for detecting multi-step attacks
Jianguo Jiang, Qiwen Wang, Zhixin Shi, Bin Lv, W. Fan, Xiao Peng
Proceedings of the 16th ACM International Conference on Computing Frontiers, 2019-04-30
DOI: 10.1145/3310273.3323048 (https://doi.org/10.1145/3310273.3323048)
Citation count: 0
Abstract
Detecting intrusion attacks is a big challenge for network administrators because attacks nowadays involve multiple steps. The hidden Markov model (HMM) is widely used in the field of multi-step attack detection. However, the traditional Baum-Welch algorithm for HMMs has two shortcomings: the number of attack states must be determined in advance, and the algorithm may make the parameters converge to a local (not global) optimal solution. In this paper, we propose a novel LVPSO-HMM algorithm, based on variable-length particle swarm optimization, which solves the shortcomings mentioned above. Concretely, it can optimize the number of attack states when that number is unknown, and it can make the model parameters converge to a globally optimal solution. We then present a multi-step attack detection model architecture whose main idea is that, when the number of attack states is unknown in the actual network environment, the LVPSO-HMM algorithm is used to solve the problem of relying on prior knowledge in current detection. Experiments on the well-known DARPA 2000 dataset verify the efficiency of the method.