Title :
Evolving HMMs for Network Anomaly Detection – Learning through Evolutionary Computation
Author :
Flores, Juan J. ; Antolino, Anastacio ; Garcia, Juan M.
Author_Institution :
Div. de Estudios de Posgrado, Univ. Michoacana, Morelia, Mexico
Abstract :
This paper reports the results of a system that performs network anomaly detection through the use of Hidden Markov Models (HMMs). The HMMs used to detect anomalies are designed and trained using Genetic Algorithms (GAs). The use of GAs helps automating the use of HMMs, by liberating users from the need of statistical knowledge, assumed by software that trains HMMs from data. The number of states, connections and weights, and probability distributions of states are determined by the GA. Results are compared to those obtained with the Baum-Welch algorithm, proving that in all cases that we tested GA outperforms Baum-Welch. The best of the evolved HMMs was used to perform anomaly detection in network traffic activity with real data.
Keywords :
Markov processes; evolutionary computation; genetic algorithms; learning (artificial intelligence); probability; security of data; HMMs; evolutionary computation; genetic algorithms; hidden Markov models; learning; network anomaly detection; network traffic activity; probability distributions; statistical knowledge; Computer networks; Computer security; Data security; Evolutionary computation; Genetic algorithms; Hidden Markov models; Pattern recognition; Signal processing algorithms; Stochastic processes; Telecommunication traffic; Anomaly Detection; Baum-Welch; GAs; HMMs;
Conference_Titel :
Networking and Services (ICNS), 2010 Sixth International Conference on
Conference_Location :
Cancun
Print_ISBN :
978-1-4244-5927-8
DOI :
10.1109/ICNS.2010.44
