• DocumentCode
    479501
  • Title

    Anomaly Intrusion Detection System Using Gaussian Mixture Model

  • Author

    Bahrololum, M. ; Khaleghi, M.

  • Author_Institution
    Iran Telecommun. Res. Center, Tehran
  • Volume
    1
  • fYear
    2008
  • fDate
    11-13 Nov. 2008
  • Firstpage
    1162
  • Lastpage
    1167
  • Abstract
    Intrusion detection systems have been widely used to overcome security threats in computer networks and to identify unauthorized use, misuse, and abuse of computer systems. Anomaly-based approaches in intrusion detection systems have the advantage of being able to detect unknown attacks; they look for patterns that deviate from normal behavior. We have proposed an anomaly intrusion detection approach using a Gaussian mixture model. This method learns patterns of normal and intrusive activities to classify them using a set of Gaussian probability distribution functions. Maximum likelihood in the detection phase uses the deviation between current and reference behavior. The GMM is evaluated on the KDD99 dataset without any special hardware requirements. Experimental results show that this method is able to reduce missing alarms. Moreover, this model is a fast method for detecting unknown attacks.
  • Keywords
    Gaussian distribution; maximum likelihood detection; security of data; Gaussian mixture model; Gaussian probability distribution; anomaly intrusion detection system; computer network; maximum likelihood detection; security threat; Computer networks; Computer security; Databases; Intrusion detection; Maximum likelihood detection; Phase detection; Probability distribution; Probes; Telecommunication traffic; Traffic control; Anomaly detection; Gaussian Mixture Model; Intrusion Detection; Pattern Matching;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Convergence and Hybrid Information Technology, 2008. ICCIT '08. Third International Conference on
  • Conference_Location
    Busan
  • Print_ISBN
    978-0-7695-3407-7
  • Type

    conf

  • DOI
    10.1109/ICCIT.2008.17
  • Filename
    4682192