An Efficient Intrusion Detection Approach Based on Hidden Markov Model and Rough Set

Intrusion detection system has become the research hotspot because it can provide dynamic protection for computer system. Aiming at the problems existed in actual methods or models of intrusion detection, an effective method for intrusion detection based on hidden markov model and rough sets theory was presented in this paper. The circular sequences of system call sequences generated during the normal execution of a process is replaced by circular body, then, a little data is extracted from normal system call sequences, and is transformed to decisive table, afterward, the decisive table is reduced and the simplest rules that present normal behavior mode is extracted by rough sets theory. These rules can be used to detect anomalous behavior. In order to realize the quick detection of known intrusion, an engine of quick detection inspired by hidden markov model was presented in this paper. Compared with other methods in the literature, the method presented in this paper is not only able to extract a set of effective detection rules with the minimum size from part of records of system call sequences, but also can detect the known intrusion quickly. Experiments show that this method in this paper is better than other methods.