System approach to intrusion detection using hidden Markov model

In an era of cooperating ad hoc networks and pervasive wireless connectivity, we are becoming more vulnerable to malicious attacks. Many of these attacks are silent in nature and cannot be detected by conventional intrusion detection system (IDS) methods such as traffic monitoring, port scanning, or protocol violations. These sophisticated attacks operate under the threshold boundaries during an intrusion attempt and can only be identified by profiling the complete system activity in relation to normal behavior. In this paper we discuss a hidden Markov model (HMM) strategy for intrusion detection using a multivariate Gaussian model for observations that are then used to predict an attack that exists in the form of a hidden state. This model is comprised of a self-organizing network for event clustering, an observation classifier, a drift detector, a profile estimator, a Gaussian mixture model (GMM) accelerator, and an HMM engine. We use this method to predict the intrusion sta...
Rahul Khanna, Huaping Liu
Added 14 Jun 2010
Updated 14 Jun 2010
Type Conference
Year 2006