Title :
A New Anomaly Detection Method Based on Rough Set Reduction and HMM
Author :
Zeng, Fanping ; Kaitao Yin ; Chen, Minghui ; Wang, Xufa
Author_Institution :
Dept. of Comput., Univ. of Sci. & Technol. of China, Hefei, China
Abstract :
Over the past few years, anomaly detection has been an increasing concern with the rapid growth of the network security. Hidden Markov model (HMM) has been applied in various methods in intrusion detection and proved to be a good tool to model normal behaviors of privileged processes, however, one major problem with this approach is that it demands excessive computing resources and costs a long model training time, which makes it inefficient for practical intrusion detection. This paper presents a new method of bringing rough set reduction into HMM to overcome the shortcoming. The proposed approach classifies and simplifies the long observation sequence by virtue of rough set reduction, and the decision conditions obtained in rough set reduction phase could be used in further detection. The experimental results indicate that this method can promote the model training efficiency. Further-more, it is suitable for anomaly detection with high detect rate and low false alarm rate.
Keywords :
hidden Markov models; rough set theory; security of data; anomaly detection; hidden Markov model; intrusion detection; network security; rough set reduction; Computer networks; Computer security; Costs; Electronic mail; Hidden Markov models; Information science; Intrusion detection; Phase detection; Set theory; Software; Hidden Markov model; anomaly detection; decision condition; rough set reduction; system call;
Conference_Titel :
Computer and Information Science, 2009. ICIS 2009. Eighth IEEE/ACIS International Conference on
Conference_Location :
Shanghai
Print_ISBN :
978-0-7695-3641-5
DOI :
10.1109/ICIS.2009.140
