A hidden Markov models-based anomaly intrusion detection method

by: Ye Du, Huiqiang Wang, Yonggang Pang

Intelligent Control and Automation, 2004. WCICA 2004. Fifth World Congress on, Vol. 5 (2004), pp. 4348-4351 Vol.5.

View FullText article

IEEE Explore

Reviews [Write a review of this article]

There are no reviews of this article

Find related articles from these CiteULike users

sunniesheu, mdhussein, satnamsingh

Find related articles with these CiteULike tags

anomaly, detection, intrusion_detection, markov, no-tag

Abstract

Intrusion detection has emerged as an important approach to security problems. The existing techniques are analyzed, and then an effective anomaly detection method based on HMMs (hidden Markov models) is proposed to learn patterns of Unix processes. Fixed-length sequences of system calls were extracted from traces of programs to train and test models. The RP (relative probability) value, which uses short sequences as inputs, is computed to classify normal and abnormal behaviors. The algorithm is simple and can be directly applied. Experiments on sendmail and lpr traces demonstrate that the method can construct accurate and concise discriminator to detect intrusive actions.

@inproceedings{citeulike:363240, abstract = {Intrusion detection has emerged as an important approach to security problems. The existing techniques are analyzed, and then an effective anomaly detection method based on HMMs (hidden Markov models) is proposed to learn patterns of Unix processes. Fixed-length sequences of system calls were extracted from traces of programs to train and test models. The RP (relative probability) value, which uses short sequences as inputs, is computed to classify normal and abnormal behaviors. The algorithm is simple and can be directly applied. Experiments on sendmail and lpr traces demonstrate that the method can construct accurate and concise discriminator to detect intrusive actions.}, author = {Du, Ye and Wang, Huiqiang and Pang, Yonggang }, citeulike-article-id = {363240}, journal = {Intelligent Control and Automation, 2004. WCICA 2004. Fifth World Congress on}, keywords = {anomaly, intrusion\_detection, markov}, pages = {4348--4351 Vol.5}, posted-at = {2005-10-26 05:04:02}, priority = {2}, title = {A hidden Markov models-based anomaly intrusion detection method}, url = {http://ieeexplore.ieee.org/xpls/abs\_all.jsp?arnumber=1342334}, volume = {5}, year = {2004} }

RIS record

TY - CONF ID - citeulike:363240 L3 - citeulike-article-id:363240 TI - A hidden Markov models-based anomaly intrusion detection method JF - Intelligent Control and Automation, 2004. WCICA 2004. Fifth World Congress on VL - 5 SP - 4348 EP - 4351 Vol.5 N2 - Intrusion detection has emerged as an important approach to security problems. The existing techniques are analyzed, and then an effective anomaly detection method based on HMMs (hidden Markov models) is proposed to learn patterns of Unix processes. Fixed-length sequences of system calls were extracted from traces of programs to train and test models. The RP (relative probability) value, which uses short sequences as inputs, is computed to classify normal and abnormal behaviors. The algorithm is simple and can be directly applied. Experiments on sendmail and lpr traces demonstrate that the method can construct accurate and concise discriminator to detect intrusive actions. KW - anomaly KW - intrusion_detection KW - markov AU - Du, Ye AU - Wang, Huiqiang AU - Pang, Yonggang PY - 2004/// UR - http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1342334 ER -

RIS BibTeX