A simple and efficient hidden Markov model scheme for host-based anomaly intrusion detection

IEEE Network

Volumn 23, Issue 1, 2009, Pages 42-47

  Hu, Jiankun ^a   Yu, Xinghuo ^a   Qiu, Dong ^a   Chen, Hsiao Hwa ^b  

^a RMIT UNIVERSITY   (Australia)

^b NATIONAL CHENG KUNG UNIVERSITY   (Taiwan)

Author keywords

Data mining; Databases; Hidden Markov models; Intrusion detection; Probability density function; Security; Training

Indexed keywords

ANOMALY INTRUSION DETECTIONS; DATA PRE-PROCESSING; DATABASES; DETECTION PERFORMANCE; FALSE ALARM RATES; HMM TRAININGS; HOST-BASED; MAXIMUM GAINS; NETWORK IDS; NETWORK-BASED INTRUSION DETECTION SYSTEMS; PUBLIC DATABASE; RESEARCH ACTIVITIES; SECURITY; SPEED-UP; TRAINING; TRAINING TIME;

ALARM SYSTEMS; COMPUTATIONAL GRAMMARS; COMPUTER CRIME; DATA REDUCTION; DEGRADATION; HIDDEN MARKOV MODELS; INFORMATION MANAGEMENT; OBJECT RECOGNITION; PROBABILITY DENSITY FUNCTION; WAVELET TRANSFORMS;

INTRUSION DETECTION;

EID: 65249107163     PISSN: 08908044     EISSN: None     Source Type: Journal    
DOI: 10.1109/MNET.2009.4804323     Document Type: Article

References (15)

1. D. Denning, "An Intrusion-Detection Model," Proc. 1986 EEE Symp. Sec. Privacy, Apr. 7-9, 1986, pp. 118-31.
2. J. Hu, P. Bertok, and Z. Tari, "Taxonomy and Framework for Integrating Dependability and Security," in Information Assurance: Dependability and Security in Networked Systems, Y. Qian et al., Eds., Elsevier, 2008, pp. 149-70.
3. X. D. Hoang and J. Hu, "An Efficient Hidden Markov Model Training Scheme for Anomaly Intrusion Detection of Server Applications Based on System Calls," IEEE Int'l. Conf. Net. '04, Singapore, Nov. 16-19, 2004, vol. 2, pp. 470-74.
4. X. D. Hoang, J. Hu, and P. Bertok, "A Multi-Layer Model for Anomaly Intrusion Detection using Program Sequences of System Calls," Proc. 11th IEEE Int'l. Conf. Net., Sydney, Australia, Sept. 28-Oct. 1, 2003, pp. 531-36.
5. A. Patcha and J. Park, "An Overview of Anomaly Detection Techniques: Existing Solutions and Latest Technological Trends," Comp. Networks vol. 51, Aug. 2007, pp. 3448-70.
6. Sophos, "Breaking News: Worm Attacks CNN, ABC, Financial Times, and The New York Times," Aug. 16, 2005, retrieved Oct. 26, 2005; http://www.sophos.com/virusinfo/articles/breakingnews.html
7. W. Lee and S. I. Stolfo, "A Framework for Constructing Features and Models for Intrusion Detection Systems," ACM Trans. Info. Sys. Sec. vol. 3, no. 4, Nov. 2000, pp. 227-61.
8. S. Forrest, S. A. Hofmeyr, and A. Somdyaji, "Intrusion Detection Using Sequences of System Calls." J. Comp. Sec., vol. 6, 1998, pp. 151-80.
9. C. Warrender, S. Forrest, and B. Perlmutter, "Detecting Intrusions Using System Calls: Alternative Data Models," Proc. 1999 IEEE Comp. Soc. Symp. Research Sec. Privacy, Berkeley, CA, May 1999, pp. 133-45.
10. D. Hoang, J. Hu, and P. Bertok, "Intrusion Detection Based on Data Mining," 5th Int'l. Conf. Enterprise Info. Sys., Angers, France, vol. 3, Apr. 23-26, 2003, pp. 341-46.
11. D. Qiu, "Efficient Training for HMM-based Anomaly Detection System Using Correlation Method," Honors Thesis, RMIT University, 2008.
12. L. R. Rabiner, "A Tutorial on Hidden Markov Models and Selected Applications in Speech Recognition," Proc. IEEE, vol. 77, 1989, pp 257-86.
13. R. I. A. Davis, B. C. Lovell, and T. Caelli, "Improved Estimation of Hidden Markov Model Parameters from Multiple Observation Sequences" Proc. 16th Int'l. Conf. Pattern Recognition, vol. 2, 2002, pp. 168-71.
14. Y. Gotoh, M. M. Hochberg, and H. F. Silverman," Efficient Training Algorithm for HMM's Using Incremental Estimation," Speech Audio Processing, vol. 6, no. 6, 1998, pp. 539-48.
15. University of New Mexico's Computer Systems Project, Oct. 24, 2008; http://www.cs.unm.edu/immsec/systemcalls.htm