Title :
A hidden Markov models-based anomaly intrusion detection method
Author :
Du, Ye ; Wang, Huiqiang ; Pang, Yonggang
Author_Institution :
Coll. of Comput. Sci. & Technol., Harbin Eng. Univ., China
Abstract :
Intrusion detection has emerged as an important approach to security problems. The existing techniques are analyzed, and then an effective anomaly detection method based on HMMs (hidden Markov models) is proposed to learn patterns of Unix processes. Fixed-length sequences of system calls were extracted from traces of programs to train and test models. The RP (relative probability) value, which uses short sequences as inputs, is computed to classify normal and abnormal behaviors. The algorithm is simple and can be directly applied. Experiments on sendmail and lpr traces demonstrate that the method can construct accurate and concise discriminator to detect intrusive actions.
Keywords :
Unix; hidden Markov models; learning (artificial intelligence); probability; security of data; sequences; Unix processes; discriminator; fixed length sequences; hidden Markov models; intrusion detection; intrusive action detection; lpr program; machine learning; relative probability value; security; sendmail program; short sequences; Computer science; Educational institutions; Hidden Markov models; Immune system; Information security; Intrusion detection; Machine learning; Machine learning algorithms; Neural networks; System testing;
Conference_Titel :
Intelligent Control and Automation, 2004. WCICA 2004. Fifth World Congress on
Print_ISBN :
0-7803-8273-0
DOI :
10.1109/WCICA.2004.1342334
