  • DocumentCode
    3309166
  • Title
    Markov chains in network intrusion detection
  • Author
    Hixon, Rena ; Gruenbacher, Don M.
  • Author_Institution
    Electr. & Comput. Eng., Wichita State Univ., KS, USA
  • fYear
    2004
  • fDate
    10-11 June 2004
  • Firstpage
    432
  • Lastpage
    433
  • Abstract
    Connectivity of computers around the world has escalated the importance of computer security. Intrusion detection adds another dimension to computer security. When prevention methods fail, intrusion detection systems recognize attacks as they occur. This research concentrates on network packets and examines the data in the TCP and IP headers. Markov chains are used to describe the normal transitions that occur for different TCP and IP header values. They have previously been used in intrusion detection, mostly for host-based detection. Another work introduced the concept of Markov chains in network-based detection. The purpose of this research is to show that TCP/IP header fields can be used to flag packets that do not occur as often in training data and that those packets may potentially be attack packets.
  • Keywords
    Markov processes; authorisation; computer networks; packet switching; transport protocols; Markov chain; TCP/IP header fields; computer security attack; intrusion detection system; network intrusion detection; network packets; Access protocols; Computer security; Equations; IP networks; Intelligent networks; Intrusion detection; Network servers; TCPIP; Training data;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Information Assurance Workshop, 2004. Proceedings from the Fifth Annual IEEE SMC
  • Print_ISBN
    0-7803-8572-1
  • Type
    conf
  • DOI
    10.1109/IAW.2004.1437849
  • Filename
    1437849