
An Intrusion Detection Method Based on Hierarchical Hidden Markov Models (Cited by: 2)

Abstract: This paper presents an anomaly detection approach to detect intrusions into computer systems. In this approach, a hierarchical hidden Markov model (HHMM) is used to represent a temporal profile of normal behavior in a computer system. The HHMM of the norm profile is learned from historic data of the system's normal behavior. The observed behavior of the system is analyzed to infer the probability that the HHMM of the norm profile supports the observed behavior. A low probability of support indicates anomalous behavior that may result from intrusive activities. The model was implemented and tested on the UNIX system call sequences collected by the University of New Mexico group. The test results showed that the model can clearly identify the anomalous activities and performs better than a hidden Markov model.
Source: Wuhan University Journal of Natural Sciences (武汉大学学报(自然科学英文版)), CAS, 2007, No. 1, pp. 135-138 (4 pages)
Funding: Supported by the Science and Technology Development Project Foundation of Tianjin (033800611, 05YFGZGX24200)
Keywords: intrusion detection; hierarchical hidden Markov model; anomaly detection

