Using Hidden Markov Model in Anomaly Intrusion Detection
Abstract
The Hidden Markov Model (HMM) has been successfully used in speech recognition and some classification areas. Since anomaly intrusion detection can be treated as a classification problem, we proposed some basic ideas for using HMMs to model user behavior. We then tried HMM modeling on real SIAC company log data. The results are not good, for the following reasons: 1. The SIAC data gives us too little information to distinguish normal behavior from anomalous behavior; 2. Anomaly intrusion detection is a very hard topic. So far, it is still an area of academic research without real application; 3. HMMs are suitable for one-dimensional sequence classification, such as voice waveforms or spectra. Typical anomaly detection data are multi-dimensional sequences with continuous and discrete variables mixed together. It seems that HMMs are not well suited to the anomaly intrusion detection task.
Similar resources
Intrusion Detection Using Evolutionary Hidden Markov Model
Intrusion detection systems are responsible for diagnosing and detecting any unauthorized use of the system, exploitation or destruction, which is able to prevent cyber-attacks using the network package analysis. One of the major challenges in the use of these tools is lack of educational patterns of attacks on the part of the engine analysis; engine failure that caused the complete training, ...
Intrusion Detection Based on Hidden Markov Model
The intrusion detection technologies of network security are researched, and the technologies of pattern recognition are applied to intrusion detection. Intrusion detection relies on a wide variety of observable data to distinguish between legitimate and illegitimate activities. Hidden Markov Model (HMM) has been successfully used in speech recognition and some classification areas. Since Anomaly...
Modelling Intrusion Detection System using Hidden Markov Model: A Review
Information security has become a major concern to various businesses and organizations and requires an intelligent security system that can automatically detect intrusions. An Intrusion Detection System (IDS) is used for this purpose. An Intrusion Detection System has become a popular tool for observing patterns of activities in user accounts and detecting malicious behaviour. Hidden Markov Mo...
A Comparative Study of Hidden Markov Model and Support Vector Machine in Anomaly Intrusion Detection
This paper aims to analyse the performance of Hidden Markov Model (HMM) and Support Vector Machine (SVM) for anomaly intrusion detection. These techniques discriminate between normal and abnormal behaviour of network traffic. The specific focus of this study is to investigate and identify distinguishable TCP services that comprise both normal and abnormal types of TCP packets, using J48 deci...
A multi-layer model for anomaly intrusion detection using program sequences of system calls
In this paper we present a new method to process sequences of system calls for anomaly intrusion detection. The key idea is to build a multi-layer model of program behaviours based on both hidden Markov models and enumerating methods for anomaly intrusion detection, which differs from the conventional single layer approach. Our experiments on Unix sendmail program have shown that the model is b...