A HMM-based method for anomaly detection

Author

Wang, Fei ; Zhu, Hongliang ; Tian, Bin ; Xin, Yang ; Niu, Xinxin ; Yang, Yu

Author_Institution

State Key Lab. of Networking & Switching Technol., Beijing Univ. of Posts & Telecommun., Beijing, China

fYear

2011

fDate

28-30 Oct. 2011

Firstpage

276

Lastpage

280

Abstract

Intrusion-detection systems (IDSs) are essential tools for the security of computer systems. Anomaly detection, which uses knowledge about normal behaviors and attempts to detect intrusions by noting significant deviations, has been paid more and more attention. In this paper, we introduce a HMM-based method for anomaly detection. The proposed method is composed of two important stages: off-line training stage and on-line testing stage. In the off-line training stage, we train the normal behaviors by hidden Markov models (HMMs). In the on-line testing stage, we make the final decision based on the minimum risk Bayesian decision theory. We deploy the method on an IDS system to evaluate its performance, and the experimental results demonstrate that our method can achieve satisfying results.

Keywords

Bayes methods; decision theory; hidden Markov models; security of data; HMM-based method; IDS system; anomaly detection; computer system security; hidden Markov models; intrusion-detection system; minimum risk Bayesian decision theory; off-line training stage; on-line testing stage; Accuracy; Hidden Markov models; Intrusion detection; Testing; Training; Training data; Vectors; Hidden Markov Model; Intrusion detection; Network security; anomaly detection;

fLanguage

English

Publisher

ieee

Conference_Titel

Broadband Network and Multimedia Technology (IC-BNMT), 2011 4th IEEE International Conference on

Conference_Location

Shenzhen

Print_ISBN

978-1-61284-158-8

Type

conf

DOI

10.1109/ICBNMT.2011.6155940

Filename

6155940