An HMM-Based Autonomous Learning Method for Private Protocols
Published: 2019-02-24 20:04
[Abstract]: Private protocols have been widely deployed in industrial control networks in recent years, which poses many challenges for security research. To address this, an autonomous learning method for private protocols based on the hidden Markov model is proposed, which derives a finite state machine model of the private protocol's message structure from traffic data alone. To overcome the Baum-Welch algorithm's need for prior knowledge, the CAPP algorithm, built on the idea of the causal-state splitting reconstruction algorithm, is designed to solve for the ε-machine model of the private protocol's message structure, avoiding local optima and the parameter-selection problems caused by the lack of prior knowledge. The effectiveness of the method is verified experimentally on the public protocols FTP and Modbus TCP and on the private protocol WDB RPC. Finally, directions for further research are discussed.
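[Affiliation]: Department of Information Engineering, Rocket Force University of Engineering;
[Funding]: National Natural Science Foundation of China Youth Fund project (61403397); Natural Science Basic Research Plan of Shaanxi Province project (2015JM6313)
[CLC number]: TP181
Article ID: 2429884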
Article link: https://www.wllwen.com/kejilunwen/zidonghuakongzhilunwen/2429884.html