Polymorphic Code Detection with GA Optimized Markov Models
Authors
Abstract
This paper presents our progression in the search for reliable anomaly-based intrusion detection mechanisms. We investigated different stochastic techniques, starting with Markov chains to detect abnormal traffic. The main aspect of our prior work was the optimization of transition matrices to obtain better detection accuracy. First, we trained the transition matrix automatically on normal traffic. Then, this transition matrix was used to calculate the probabilities of a dedicated Markov sequence, and thereby to find differences between the trained normal traffic and characteristic parts of a polymorphic shellcode. To improve the efficiency of this automatically trained transition matrix, we modified some entries so that byte sequences of typical shellcodes differ substantially from normal network behavior. However, this approach did not meet our requirements concerning generalization. Therefore, we searched for automatic methods to improve the matrix. Genetic algorithms are adequate tools when only little knowledge about the search space is available and the problem is very hard (NP-complete).
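The abstract describes three pieces of the pipeline: a transition matrix trained on normal traffic, the probability of a byte sequence under that chain, and a genetic algorithm that tunes matrix entries so shellcode-like sequences score further from normal traffic. The example below is an added illustration written for this page, not code from the paper. The paper does not give its GA encoding or fitness function, so the (matrix entry, scale factor) gene encoding, the class-margin fitness, the restriction of candidate entries to transitions observed in the labelled data, and the constructed sample data (HTTP-like text as "normal", seeded random bytes standing in for the binary part of a polymorphic payload) are all assumptions of this example.

```python
import math
import random

ALPHABET = 256
PSEUDO = 0.5   # Laplace pseudo-count: unseen byte pairs keep a small, non-zero probability


def train_transition_matrix(samples):
    """Count byte-to-byte transitions in the normal samples; every row becomes a distribution."""
    counts = [[PSEUDO] * ALPHABET for _ in range(ALPHABET)]
    for seq in samples:
        for a, b in zip(seq, seq[1:]):
            counts[a][b] += 1.0
    matrix = []
    for row in counts:
        total = sum(row)
        matrix.append([c / total for c in row])
    return matrix


def sequence_score(matrix, seq):
    """Mean log-probability of the transitions in seq under the chain; higher means more normal."""
    if len(seq) < 2:
        return 0.0
    logp = sum(math.log(matrix[a][b]) for a, b in zip(seq, seq[1:]))
    return logp / (len(seq) - 1)


def is_anomalous(matrix, seq, threshold):
    return sequence_score(matrix, seq) < threshold


def observed_pairs(*sample_sets):
    """Candidate entries for the GA (assumption): only transitions that occur in the labelled data."""
    pairs = set()
    for samples in sample_sets:
        for seq in samples:
            pairs.update(zip(seq, seq[1:]))
    return sorted(pairs)


def apply_genes(matrix, pairs, genes):
    """Scale the selected entries, then re-normalise the touched rows so they stay distributions."""
    m = list(matrix)                      # shallow copy; a row is copied only when it is touched
    touched = set()
    for idx, factor in genes:
        src, dst = pairs[idx]
        if src not in touched:
            m[src] = m[src][:]
            touched.add(src)
        m[src][dst] *= factor
    for src in touched:
        total = sum(m[src])
        m[src] = [v / total for v in m[src]]
    return m


def margin(matrix, normal, abnormal):
    """Fitness: gap between the worst-scoring normal and the best-scoring abnormal sequence."""
    return (min(sequence_score(matrix, s) for s in normal)
            - max(sequence_score(matrix, s) for s in abnormal))


def evolve(matrix, normal, abnormal, n_genes=32, pop_size=20, generations=40, seed=1):
    """Elitist GA over (entry index, scale factor) genes; the unmodified matrix is seeded in."""
    rng = random.Random(seed)
    pairs = observed_pairs(normal, abnormal)

    def random_gene():
        return (rng.randrange(len(pairs)), rng.uniform(0.05, 5.0))

    def fit(genes):
        return margin(apply_genes(matrix, pairs, genes), normal, abnormal)

    population = [[(i % len(pairs), 1.0) for i in range(n_genes)]]   # identity individual
    population += [[random_gene() for _ in range(n_genes)] for _ in range(pop_size - 1)]
    for _ in range(generations):
        ranked = sorted(population, key=fit, reverse=True)
        elite = ranked[: pop_size // 2]                 # survivors, so the best never regresses
        children = []
        while len(elite) + len(children) < pop_size:
            p1, p2 = rng.sample(elite, 2)
            cut = rng.randrange(1, n_genes)              # one-point crossover
            child = p1[:cut] + p2[cut:]
            if rng.random() < 0.3:                       # point mutation
                child[rng.randrange(n_genes)] = random_gene()
            children.append(child)
        population = elite + children
    best = max(population, key=fit)
    return apply_genes(matrix, pairs, best)


# Constructed sample data (not from the paper): HTTP-like "normal" traffic and seeded random
# bytes standing in for the high-entropy part of a polymorphic payload.
NORMAL = [
    b"GET /index.html HTTP/1.1\r\nHost: example.com\r\nAccept: text/html\r\n\r\n",
    b"GET /images/logo.png HTTP/1.1\r\nHost: example.com\r\nAccept: image/png\r\n\r\n",
    b"POST /login HTTP/1.1\r\nHost: example.com\r\nContent-Type: application/x-www-form-urlencoded"
    b"\r\n\r\nuser=alice&pass=secret",
    b"GET /style.css HTTP/1.1\r\nHost: example.com\r\nAccept: text/css\r\n\r\n",
]
_rng = random.Random(7)
ABNORMAL = [bytes(_rng.randrange(ALPHABET) for _ in range(80)) for _ in range(3)]
HELD_OUT_NORMAL = b"GET /about.html HTTP/1.1\r\nHost: example.com\r\nAccept: text/html\r\n\r\n"


def demo():
    """Train, tune with the GA, pick a midpoint threshold and classify held-out sequences."""
    base = train_transition_matrix(NORMAL)
    tuned = evolve(base, NORMAL, ABNORMAL)
    worst_normal = min(sequence_score(tuned, s) for s in NORMAL)
    best_abnormal = max(sequence_score(tuned, s) for s in ABNORMAL)
    thr = (worst_normal + best_abnormal) / 2
    return {
        "base_margin": margin(base, NORMAL, ABNORMAL),
        "tuned_margin": margin(tuned, NORMAL, ABNORMAL),
        "held_out_flagged": is_anomalous(tuned, HELD_OUT_NORMAL, thr),
        "abnormal_flagged": [is_anomalous(tuned, s, thr) for s in ABNORMAL],
    }
```

The identity individual in the initial population, together with elitism, guarantees that the tuned matrix is never worse than the plainly trained one on the training margin; whether that margin generalizes is exactly the question the abstract raises, which is why the demo also checks a held-out normal request.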
Similar references
Evaluation of [67Ga] citrate in the detection of various microorganism infections in animal models
Introduction: Gallium-67 citrate has been known as a good infection agent in nuclear medicine for decades. In this work the value of 67Ga-citrate has been investigated in infected animal models using SPECT imaging at optimized/standardized conditions. Methods: The bacterial (Staphylococcus aureus; S.a. and Escherichia coli; E.c.) and fungal ...
Speech enhancement based on hidden Markov model using sparse code shrinkage
This paper presents a new hidden Markov model-based (HMM-based) speech enhancement framework based on the independent component analysis (ICA). We propose analytical procedures for training clean speech and noise models by the Baum re-estimation algorithm and present a Maximum a posterior (MAP) estimator based on Laplace-Gaussian (for clean speech and noise respectively) combination in the HMM ...
Evolving Hidden Markov Models For Network Anomaly Detection
This paper reports the results of a system that performs network anomaly detection through the use of Hidden Markov Models (HMMs). The HMMs used to detect anomalies are designed and trained using Genetic Algorithms (GAs). The use of GAs helps automating the use of HMMs, by liberating users from the need of statistical knowledge, assumed by software that trains HMMs from data. The number of stat...
Design of a Fluorescent Sensor Based on the Polydopamine Nanoparticles for Detection of Gallic Acid
Background: Gallic acid (GA) is one of the polyphenolic compounds with antioxidant, antimicrobial and radical scavenging activities, which plays a main role in human health against cancer and cardiovascular diseases. GA concentration can be quantitatively measured in food, medicinal plants and body fluids. Materials and Methods: In this study, MnO2 nanosheets were prepared by reducing potassium...
Genetic algorithm based Finite State Markov Channel modeling
Statistical properties of the error sequences produced by fading channels with memory have a strong influence over the performance of high layer protocols and error control codes. Finite State Markov Channel (FSMC) models can represent the temporal correlations of these sequences efficiently and accurately. This paper proposes a simple genetic algorithm (GA) based search for the optimum state t...