DocumentCode :
423317
Title :
Modeling program behaviors by hidden Markov models for intrusion detection
Author :
Wang, Wei ; Guan, Xiao-Hong ; Zhang, Xiang-Liang
Author_Institution :
Res. Center for Networked Syst. & Inf. Security, Xi'an Jiaotong Univ., China
Volume :
5
fYear :
2004
fDate :
26-29 Aug. 2004
Firstpage :
2830
Abstract :
Intrusion detection is an important technique in the defense-in-depth network security framework and a hot topic in computer network security in recent years. In this paper, a new efficient intrusion detection method based on hidden Markov models (HMMs) is presented. HMMs are applied to model the normal program behaviors using traces of system calls issued by processes. The output probability of a sequence of system calls is calculated by the normal model built. If the probability of a sequence in a trace is below a certain threshold, the sequence is flagged as a mismatch. If the ratio between the mismatches and all the sequences in a trace exceeds another threshold, the trace is then considered as a possible intrusion. The method is implemented and tested on the sendmail system call data from the University of New Mexico. Experimental results show that the performance of the proposed method in intrusion detection is better than other methods.
Keywords :
computer networks; hidden Markov models; probability; security of data; HMM; computer network security; defense-in-depth network security; hidden Markov models; intrusion detection method; modeling program behaviors; probability; sendmail system; system call sequence; Computer networks; Computer security; Electronic mail; Hidden Markov models; Information security; Intelligent manufacturing systems; Intelligent networks; Intrusion detection; Laboratories; Manufacturing systems;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Machine Learning and Cybernetics, 2004. Proceedings of 2004 International Conference on
Print_ISBN :
0-7803-8403-2
Type :
conf
DOI :
10.1109/ICMLC.2004.1378514
Filename :
1378514