An ARP-based Anomaly Detection Algorithm Using Hidden Markov Model in Enterprise Networks

  • Authors: Y. Yasami; M. Farahmand; V. Zargari
  • Affiliations: Tamin Co., Iran; Tamin Co., Iran; Tamin Co., Iran
  • Venue: ICSNC '07 Proceedings of the Second International Conference on Systems and Networks Communications
  • Year: 2007

Quantified Score

Hi-index 0.01

Abstract

Network anomaly detection is an active research area. Behavior recognition of traffic is a process by which the ongoing observed behavior of a host is tracked and compared against a given model. Various methods for behavior recognition exist, but the incorporation of Hidden Markov Models (HMMs) for anomaly detection (ARP anomaly detection, especially) is a novel method. This paper aims at classifying network ARP traffic as abnormal or normal using a special HMM. The paper's main objective is to build a statistical anomaly detection system, a predictive model capable of discriminating between normal and abnormal behavior of network ARP traffic. The proposed method is unique in that, by applying a modified HMM, it presents a host-based ARP anomaly detection algorithm with very high accuracy. We applied the method in a real campus network and observed a precision of above 90%.