High-order Markov kernels for intrusion detection

被引：15

作者：

Yin, Chuanhuan ^{[1
]}

Tian, Shengfeng ^{[1
]}

Mu, Shaomin ^{[1
,2
]}

机构：

[1] Beijing Jiaotong Univ, Sch Comp & Informat Technol, Beijing 100044, Peoples R China

[2] Shandong Agr Univ, Sch Informat Sci & Engn, Tai An 271018, Shandong, Peoples R China

来源：

NEUROCOMPUTING | 2008年 / 71卷 / 16-18期

关键词：

Markov kernels; String kernels; Intrusion detection; Suffix tree;

D O I：

10.1016/j.neucom.2008.04.041

中图分类号：

TP18 [人工智能理论];

学科分类号：

081104 ; 0812 ; 0835 ; 1405 ;

摘要：

In intrusion detection systems, sequences of system calls executed by running programs can be used as evidence to detect anomalies. Markov chain is often adopted as the model in the detection systems, in which high-order Markov chain model is well suited for the detection, but as the order of the chain increases, the number of parameters of the model increases exponentially and rapidly becomes too large to be estimated efficiently. In this paper, one-class support vector machines (SVMs) using high-order Markov kernels are adopted as the anomaly detectors. This approach solves the problem of high-dimension parameter space. Furthermore, a rapid algorithm based on suffix tree is presented for the computation of Markov kernels in linear time. Experimental results show that the SVM with Markov kernels can produce good detection performance with low computational cost. (C) 2008 Elsevier B.V. All rights reserved.

引用

页码：3247 / 3252

页数：6

共 50 条

[21] HIGH-ORDER HIDDEN MARKOV MODELS - ESTIMATION AND IMPLEMENTATION
Hadar, Uri
Messer, Hagit
2009 IEEE/SP 15TH WORKSHOP ON STATISTICAL SIGNAL PROCESSING, VOLS 1 AND 2, 2009, : 249 - 252
[22] LIMIT DISTRIBUTION OF A HIGH-ORDER MARKOV-CHAIN
ADKE, SR
DESHMUKH, SR
JOURNAL OF THE ROYAL STATISTICAL SOCIETY SERIES B-METHODOLOGICAL, 1988, 50 (01): : 105 - 108
[23] High-order extensions of the double chain Markov model
Berchtold, A
STOCHASTIC MODELS, 2002, 18 (02) : 193 - 227
[24] Statically Discovering High-Order Taint Style Vulnerabilities in OS Kernels
Zhang, Hang
Chen, Weiteng
Hao, Yu
Li, Guoren
Zhai, Yizhuo
Zou, Xiaochen
Qian, Zhiyun
CCS '21: PROCEEDINGS OF THE 2021 ACM SIGSAC CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2021, : 811 - 824
[25] Measuring and partitioning the high-order linkage disequilibrium by multiple order Markov chains
Kim, Yunjung
Feng, Sheng
Zeng, Zhao-Bang
GENETIC EPIDEMIOLOGY, 2008, 32 (04) : 301 - 312
[26] Decomposition of conditional probability for high-order symbolic Markov chains
Melnik, S. S.
Usatenko, O. V.
PHYSICAL REVIEW E, 2017, 96 (01)
[27] Construction method of a high-order Markov chain usage model
Takagi, Tomohiko
Furukawa, Zengo
14TH ASIA-PACIFIC SOFTWARE ENGINEERING CONFERENCE, PROCEEDINGS, 2007, : 120 - +
[28] Entropy of high-order Markov chains beyond the pair correlations
Melnik, S. S.
Usatenko, O. V.
PHYSICA A-STATISTICAL MECHANICS AND ITS APPLICATIONS, 2018, 506 : 208 - 216
[29] Efficient backward decoding of high-order hidden Markov models
Engelbrecht, H. A.
du Preez, J. A.
PATTERN RECOGNITION, 2010, 43 (01) : 99 - 112
[30] Recurrent Neural Hidden Markov Model for High-order Transition
Hiraoka, Tatsuya
Takase, Sho
Uchiumi, Kei
Keyaki, Atsushi
Okazaki, Naoaki
ACM TRANSACTIONS ON ASIAN AND LOW-RESOURCE LANGUAGE INFORMATION PROCESSING, 2022, 21 (02)

← 1 2 3 4 5 →