• DocumentCode
    1563154
  • Title

    A hidden Markov models-based anomaly intrusion detection method

  • Author

    Du, Ye ; Wang, Huiqiang ; Pang, Yonggang

  • Author_Institution
    Coll. of Comput. Sci. & Technol., Harbin Eng. Univ., China
  • Volume
    5
  • fYear
    2004
  • Firstpage
    4348
  • Abstract
    Intrusion detection has emerged as an important approach to security problems. The existing techniques are analyzed, and then an effective anomaly detection method based on HMMs (hidden Markov models) is proposed to learn patterns of Unix processes. Fixed-length sequences of system calls were extracted from traces of programs to train and test models. The RP (relative probability) value, which uses short sequences as inputs, is computed to classify normal and abnormal behaviors. The algorithm is simple and can be directly applied. Experiments on sendmail and lpr traces demonstrate that the method can construct an accurate and concise discriminator to detect intrusive actions.
  • Keywords
    Unix; hidden Markov models; learning (artificial intelligence); probability; security of data; sequences; Unix processes; discriminator; fixed length sequences; hidden Markov models; intrusion detection; intrusive action detection; lpr program; machine learning; relative probability value; security; sendmail program; short sequences; Computer science; Educational institutions; Hidden Markov models; Immune system; Information security; Intrusion detection; Machine learning; Machine learning algorithms; Neural networks; System testing;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Intelligent Control and Automation, 2004. WCICA 2004. Fifth World Congress on
  • Print_ISBN
    0-7803-8273-0
  • Type

    conf

  • DOI
    10.1109/WCICA.2004.1342334
  • Filename
    1342334