DocumentCode :
3309166
Title :
Markov chains in network intrusion detection
Author :
Hixon, Rena ; Gruenbacher, Don M.
Author_Institution :
Electr. & Comput. Eng., Wichita State Univ., KS, USA
fYear :
2004
fDate :
10-11 June 2004
Firstpage :
432
Lastpage :
433
Abstract :
Connectivity of computers around the world has escalated the importance of computer security. Intrusion detection adds another dimension to computer security. When prevention methods fail, intrusion detection systems recognize attacks as they occur. This research concentrates on network packets and examines the data in the TCP and IP headers. Markov chains are used to describe the normal transitions that occur for different TCP and IP header values. They have previously been used in intrusion detection, mostly for host-based detection. Another work introduced the concept of Markov chains in network-based detection. The purpose of this research is to show that TCP/IP header fields can be used to flag packets that do not occur as often in training data and that those packets may potentially be attack packets.
Keywords :
Markov processes; authorisation; computer networks; packet switching; transport protocols; Markov chain; TCP/IP header fields; computer security attack; intrusion detection system; network intrusion detection; network packets; Access protocols; Computer security; Equations; IP networks; Intelligent networks; Intrusion detection; Network servers; TCPIP; Training data;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information Assurance Workshop, 2004. Proceedings from the Fifth Annual IEEE SMC
Print_ISBN :
0-7803-8572-1
Type :
conf
DOI :
10.1109/IAW.2004.1437849
Filename :
1437849