Effective intrusion type identification with edit distance for HMM-based anomaly detection system

Cited by: 0
Authors
Koo, JM [1 ]
Cho, SB [1 ]
Affiliation
[1] Yonsei Univ, Dept Comp Sci, Seoul 120749, South Korea
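Keywords
DOI
Not available
Chinese Library Classification (CLC) number
TP18 [Artificial intelligence theory];
Discipline classification code
081104 ; 0812 ; 0835 ; 1405 ;
Abstract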
As computer security becomes important, various system security mechanisms have been developed. Especially anomaly detection using hidden Markov model has been actively exploited. However, it can only detect abnormal behaviors under predefined threshold, and it cannot identify the type of intrusions. This paper aims to identify the type of intrusions by analyzing the state sequences using Viterbi algorithm and calculating the distance between the standard state sequence of each intrusion type and the current state sequence. Because the state sequences are not always extracted consistently due to environmental factors, edit distance is utilized to measure the distance effectively. Experimental results with buffer overflow attacks show that it identifies the type of intrusions well with inconsistent state sequences.
Pages: 222 - 228
Number of pages: 7