A Markov Chain Model of Temporal Behavior for Anomaly Detection
Author
Abstract
This paper presents an anomaly detection technique to detect intrusions into computer and network systems. In this technique, a Markov chain model is used to represent a temporal profile of normal behavior in a computer and network system. The Markov chain model of the norm profile is learned from historic data of the system’s normal behavior. The observed behavior of the system is analyzed to infer the probability that the Markov chain model of the norm profile supports the observed behavior. A low probability of support indicates an anomalous behavior that may result from intrusive activities. The technique was implemented and tested on the audit data of a Sun Solaris system. The testing results showed that the technique clearly distinguished intrusive activities from normal activities in the testing data.
Similar resources
Sequential anomaly detection based on temporal-difference learning: Principles, models and case studies
Anomaly detection is an important problem that has been popularly researched within diverse research areas and application domains. One of the open problems in anomaly detection is the modeling and prediction of complex sequential data, which consist of a series of temporally related behavior patterns. In this paper, a novel sequential anomaly detection method based on temporal-difference (TD) ...
Tracking User Mobility to Detect Suspicious Behavior
Popularity of mobile devices is accompanied by widespread security problems, such as MAC address spoofing in wireless networks. We propose a probabilistic approach to temporal anomaly detection using smoothing technique for sparse data. Our technique builds up on the Markov chain, and clustering is presented for reduced storage requirements. Wireless networks suffer from oscillations between lo...
Detection and prediction of land use/ land cover changes using Markov chain model and Cellular Automata (CA-Markov), (Case study: Darab plain)
Unprincipled changes in land use are major challenges for many countries and different regions of the world, which in turn have devastating effects on natural resources. Therefore, the study of land-use changes has a fundamental and important role for environmental studies. The purpose of this study is to detect and predict land use/ land cover (LULC) changes in Darab plain through the Ma...
Application of Combined Local Object Based Features and Cluster Fusion for the Behaviors Recognition and Detection of Abnormal Behaviors
In this paper, we propose a novel framework for behaviors recognition and detection of certain types of abnormal behaviors, capable of achieving high detection rates on a variety of real-life scenes. The new proposed approach here is a combination of the location based methods and the object based ones. First, a novel approach is formulated to use optical flow and binary motion video as the loc...
A New Model to Speculate CLV Based on Markov Chain Model
The present study attempts to establish a new framework to speculate customer lifetime value by a stochastic approach. In this research the customer lifetime value is considered as combination of customer’s present and future value. At first step of our desired model, it is essential to define customer groups based on their behavior similarities, and in second step a mechanism to count current ...