• DocumentCode
    3139305
  • Title

    A New Anomaly Detection Method Based on Rough Set Reduction and HMM

  • Author

    Zeng, Fanping ; Kaitao Yin ; Chen, Minghui ; Wang, Xufa

  • Author_Institution
    Dept. of Comput., Univ. of Sci. & Technol. of China, Hefei, China
  • fYear
    2009
  • fDate
    1-3 June 2009
  • Firstpage
    285
  • Lastpage
    289
  • Abstract
    Over the past few years, anomaly detection has become an increasing concern with the rapid growth of network security. The hidden Markov model (HMM) has been applied in various intrusion detection methods and has proved to be a good tool for modeling the normal behavior of privileged processes; however, one major problem with this approach is that it demands excessive computing resources and a long model training time, which makes it inefficient for practical intrusion detection. This paper presents a new method that brings rough set reduction into the HMM to overcome this shortcoming. The proposed approach classifies and simplifies the long observation sequence by means of rough set reduction, and the decision conditions obtained in the rough set reduction phase can be used in further detection. The experimental results indicate that this method can improve model training efficiency. Furthermore, it is suitable for anomaly detection, with a high detection rate and a low false alarm rate.
  • Keywords
    hidden Markov models; rough set theory; security of data; anomaly detection; hidden Markov model; intrusion detection; network security; rough set reduction; Computer networks; Computer security; Costs; Electronic mail; Hidden Markov models; Information science; Intrusion detection; Phase detection; Set theory; Software; Hidden Markov model; anomaly detection; decision condition; rough set reduction; system call;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Computer and Information Science, 2009. ICIS 2009. Eighth IEEE/ACIS International Conference on
  • Conference_Location
    Shanghai
  • Print_ISBN
    978-0-7695-3641-5
  • Type

    conf

  • DOI
    10.1109/ICIS.2009.140
  • Filename
    5222872