HMMs for anomaly intrusion detection

Authors: Ye Du, Huiqiang Wang, Yonggang Pang

DOI: 10.1007/978-3-540-30497-5_108

Abstract: Anomaly intrusion detection focuses on modeling normal behaviors and identifying significant deviations, which could be novel attacks. The existing techniques in that domain were analyzed, then an effective anomaly detection method based on HMMs (Hidden Markov Models) was proposed to learn patterns of Unix processes. Fixed-length sequences of system calls extracted from traces of programs are used to train and test the models. Both temporal orderings and parameters are taken into consideration in this method. The RP (Relative Probability) value, which uses short sequences as inputs, is computed to classify abnormal behaviors. The algorithm is simple and can be directly applied. Experiments on sendmail and lpr demonstrate that the method can construct an accurate and concise discriminator to detect intrusive actions.
