Probabilistic approach for Intrusion Detection System - FOMC technique

Detection of unexpected and emerging new threats has become a necessity for secured internet communication with absolute data confidentiality, integrity, and availability. Design and development of such a detection system shall not only be new, accurate and fast but also effective in a dynamic environment encompassing the surrounding network. In this work, an attempt is made to design an intrusion detection model based on the probabilistic approach, first-order Markov chain process, to effectively detection and predict network intrusions. As a first step, the states are defined using clustering techniques for the network traffic profiles; secondly state transition probability matrix and initial probability distribution are determined based on the states defined. Based on the network states, the probability of event occurrence is stochastically measured if the value is lesser than the predefined probability then it event is predicted as anomaly. The proposed probabilistic model performance is evaluated through experiments using KDD Cup99 dataset. The proposed models achieve better detection rate while the attacks are detected in levels of stages.