Combining Hidden Markov Models for improved anomaly detection

IEEE International Conference on Communications

Volumn , Issue , 2009, Pages

  Khreich, Wael ^a   Granger, Eric ^a   Sabourin, Robert ^a   Miri, Ali ^b  

^a ÉCOLE DE TECHNOLOGIE SUPÉRIEURE   (Canada)

^b UNIVERSITY OF OTTAWA   (Canada)

Author keywords

Anomaly detection; Hidden Markov models; Host based intrusion detection systems; Multi classifier systems

Indexed keywords

ALPHABET SIZE; ANOMALY DETECTION; CRITICAL PARAMETER; DATA SETS; HIDDEN STATE; HOST BASED INTRUSION DETECTION SYSTEMS; HOST-BASED INTRUSION DETECTION SYSTEM; IRREGULARITY INDEX; MULTI-CLASSIFIER SYSTEMS; OPERATING SYSTEM KERNEL; RECEIVER OPERATING CHARACTERISTICS; SEQUENCE MATCHING; SINGLE-VALUE; STORAGE OVERHEAD; SYSTEM BEHAVIORS; SYSTEM CALLS; TRAINING DATA; TRAINING SETS;

CLASSIFIERS; COMPUTATIONAL GRAMMARS; COMPUTER CRIME; COMPUTER OPERATING SYSTEMS; INTRUSION DETECTION; LEARNING SYSTEMS;

HIDDEN MARKOV MODELS;

EID: 70449499748     PISSN: 05361486     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICC.2009.5198832     Document Type: Conference Paper

References (17)

1. S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff, "A sense of self for Unix processes," in Proc. of the 1996 IEEE Symp. on Research in Security and Privacy, pp. 120-128, 1996.
2. C. Warrender, S. Forrest, and B. Pearlmutter, "Detecting intrusions using system calls: alternative data models," in Proc. of the IEEE Computer Society Symp. on Research in Security and Privacy, pp. 133-45, 1999.
3. L. Rabiner, "A tutorial on HMM and selected applications in speech recognition," Proc. of the IEEE, vol. 77, no. 2, pp. 257-286, 1989.
4. B. Gao, H.-Y. Ma, and Y.-H. Yang, "HMMs based on anomaly intrusion detection method," Proc. of 2002 Int'l Conf. on Machine Learning and Cybernetics, vol. 1, pp. 381-385, 2002.
5. X. D. Hoang, J. Hu, and P. Bertok, "A multi-layer model for anomaly intrusion detection," in IEEE Int'l Conf. on Networks, vol. 1, pp. 531-536, 2003.
6. X. Hoang and J. Hu, "An efficient hidden Markov model training scheme for anomaly intrusion detection of server applications based on system calls," in IEEE Int'l Conf. on Networks, vol. 2, pp. 470-474, 2004.
7. W. Wang, X.-H. Guan, and X.-L. Zhang, "Modeling program behaviors by HMMs for intrusion detection," Proc. of 2004 Int'l Conf. on Machine Learning and Cybernetics, vol. 5, pp. 2830-2835, 2004.
8. M. J. J. Scott, M. Niranjan, and R. W. Prager, "Realisable classifiers: Improving operating performance on variable cost problems," in Proc. of the 9th British Machine Vision Conference, vol. 1, (University of Southampton, UK), pp. 304-315, Sep 1998.
9. J. Choy and S.-B. Cho, "Intrusion detection by combining multiple HMMs," PRICAI 2000 Topics in Artificial Intelligence, vol. 1886, pp. 829-829, 2000.
10. T. Fawcett, "An introduction to ROC analysis," Pattern Recogn. Lett., vol. 27, no. 8, pp. 861-874, 2006.
11. L. E. Baum, G. S. Petrie, and N. Weiss, "A maximization technique occuring in the statistical analysis of probabilistic functions of Markov chains," Ann. Math. Stat., vol. 41, no. 1, pp. 164-171, 1970.
12. D.-Y. Yeung and Y. Ding, "Host-based intrusion detection using dynamic and static behavioral models," Pattern Recognition, vol. 36, no. 1, pp. 229-243, 2003.
13. J. Fürnkranz and P. Flach, "An analysis of rule evaluation metrics," in Proc. of the 20th Int'l Conf. on Machine Learning, vol. 1, pp. 202-209, 2003.
14. R. Maxion and K. Tan, "Benchmarking anomaly-based detection systems," in Proc. of the 2000 Int'l Conf. on Dependable Systems and Networks, pp. 623-630, 2000.
15. K. Tan and R. Maxion, ""Why 6?" Defining the operational limits of stide, an anomaly-based intrusion detector," in IEEE Symp. on Security and Privacy, pp. 188-201, 2002.
16. K. Tan and R. Maxion, "Determining the operational limits of an anomaly-based intrusion detector," IEEE J. on Selected Areas in Communications, vol. 21, no. 1, pp. 96-110, 2003.
17. W. Lee and D. Xiang, "Information-theoretic measures for anomaly detection," in Proc. of the 2001 IEEE Symp. on Security and Privacy, pp. 130-143, 2001.