Combining the HMM and the neural network models to recognize intrusions

Due to the excellent performance of the HMM (hidden Markov model) in pattern recognition, it has been widely used in voice recognition, text recognition. The HMM has also been applied to the intrusion detection. The intrusion detection method based on the HMM is more efficient than other methods. The HMM based intrusion detection method is composed by two processes: one is the HMM process; the other is the hard decision process, which is based on the profile database. Because of the dynamical behavior of system calls, the hard decision process based on the profile database cannot be efficient to detect novel intrusions. On the other hand, the profile database would consume many computer resources. For these reasons, the combined detection method was provided in This work. The neural network is a kind of artificial intelligence tool and is combined with the HMM to make soft decision. In the implementation, radial basis function model is used, because of its simplicity and its flexibility to adapt pattern changes. With the soft decision based on the neural network, the robustness and accurate rate of detection model are greatly improved. The efficiency of this method has been evaluated by the data set originated from New Mexico University.