WORKLOAD HIDDEN MARKOV MODEL FOR ANOMALY DETECTION

Authors: Tomás Navarrete, Carlos Orozco, Juan Manuel García

DOI:

Keywords:

Abstract: We present an approach to anomaly detection based on the construction of a Hidden Markov Model (HMM) trained on processor workload data. From load measurements, an HMM is constructed as a model of the system's normal behavior. Any observed sequence of measurements that is unlikely to have been generated by this model is then considered an anomaly. We test our approach by taking real data from a mail server to construct the model, and we evaluate it under several experimental conditions, including simulated DoS attacks. We show some evidence suggesting that this method could be successful in detecting attacks or misuse that directly affects performance.
