A Comparative Study of Hidden Markov Model and Support Vector Machine in Anomaly Intrusion Detection
نویسندگان
چکیده
This paper aims to analyse the performance of Hidden Markov Model (HMM) and Support Vector Machine (SVM) for anomaly intrusion detection. These techniques discriminate between normal and abnormal behaviour of network traffic. The specific focus of this study is to investigate and identify distinguishable TCP services that comprise of both normal and abnormal types of TCP packets, using J48 decision tree algorithm. The publicly available KDD Cup 1999 dataset has been used in training and evaluation of such techniques. Experimental results demonstrate that the HMM is able to classify network traffic with approximately 76% to 99% accuracy while SVM classifies it with approximately 80% to 99% accuracy. Keywords-Hidden Markov Model, Support Vector Machine, Distinguishable TCP Services, Anomaly Intrusion Detection
منابع مشابه
Anomaly Detection Using SVM as Classifier and Decision Tree for Optimizing Feature Vectors
Abstract- With the advancement and development of computer network technologies, the way for intruders has become smoother; therefore, to detect threats and attacks, the importance of intrusion detection systems (IDS) as one of the key elements of security is increasing. One of the challenges of intrusion detection systems is managing of the large amount of network traffic features. Removing un...
متن کاملIntrusion Detection Using Evolutionary Hidden Markov Model
Intrusion detection systems are responsible for diagnosing and detecting any unauthorized use of the system, exploitation or destruction, which is able to prevent cyber-attacks using the network package analysis. one of the major challenges in the use of these tools is lack of educational patterns of attacks on the part of the engine analysis; engine failure that caused the complete training, ...
متن کاملNovel machine learning techniques for anomaly intrusion detection
Novel machine learning techniques for anomaly intrusion detection" (2004). ABSTRACT This paper explores the methodology of using kernels and Support Vector Machine (SVM) for intrusion detection. A new insight into two well known anomaly detection algorithms-STIDE and Markov Chain anomaly detectors, is achieved using kernel theory. We introduce two new classes of kernels used for intrusion detec...
متن کاملA multi-layer model for anomaly intrusion detection using program sequences of system calls
In this paper we present a new method to process sequences of system calls for anomaly intrusion detection. The key idea is to build a multi-layer model of program behaviours based on both hidden Markov models and enumerating methods for anomaly intrusion detection, which differs from the conventional single layer approach. Our experiments on Unix sendmail program have shown that the model is b...
متن کاملHidden Markov Anomaly Detection
We introduce a new anomaly detection methodology for data with latent dependency structure. As a particular instantiation, we derive a hidden Markov anomaly detector that extends the regular one-class support vector machine. We optimize the approach, which is non-convex, via a DC (difference of convex functions) algorithm, and show that the parameter ν can be conveniently used to control the nu...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2013