Sensing Attacks in Computers Networks with Hidden Markov Models

Authors:
Davide Ariu;Giorgio Giacinto;Roberto Perdisci
Affiliations:
Department of Electrical and Electronic Engineering, University of Cagliari, Piazza d'Armi, 09123 Cagliari, Italy;Department of Electrical and Electronic Engineering, University of Cagliari, Piazza d'Armi, 09123 Cagliari, Italy;Department of Electrical and Electronic Engineering, University of Cagliari, Piazza d'Armi, 09123 Cagliari, Italy
Venue:
MLDM '07 Proceedings of the 5th international conference on Machine Learning and Data Mining in Pattern Recognition
Year:
2007

Citing 14
Cited 0

An Intrusion-Detection Model

IEEE Transactions on Software Engineering - Special issue on computer security and privacy
Practical Intrusion Detection Handbook

Practical Intrusion Detection Handbook
Defending Yourself: The Role of Intrusion Detection Systems

IEEE Software
Ensemble Methods in Machine Learning

MCS '00 Proceedings of the First International Workshop on Multiple Classifier Systems
Classification of Time Series Utilizing Temporal and Decision Fusion

MCS '01 Proceedings of the Second International Workshop on Multiple Classifier Systems
Fusion of multiple classifiers for intrusion detection in computer networks

Pattern Recognition Letters
Anomaly Detection Using Call Stack Information

SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
A Neural Network Component for an Intrusion Detection System

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Pattern Classification (2nd Edition)

Pattern Classification (2nd Edition)
Combining Pattern Classifiers: Methods and Algorithms

Combining Pattern Classifiers: Methods and Algorithms
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
Polymorphic blending attacks

USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Similarity-based clustering of sequences using hidden Markov models

MLDM'03 Proceedings of the 3rd international conference on Machine learning and data mining in pattern recognition
Behavioral distance measurement using hidden markov models

RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this work, we propose an Intrusion Detection model for computer newtorks based on Hidden Markov Models. While stateful techniques are widely used to detect intrusion at the operating system level, by tracing the sequences of system calls, this issue has been rarely researched for the analysis of network traffic. The proposed model aims at detecting intrusions by analysing the sequences of commands that flow between hosts in a network for a particular service (e.g., an ftp session). First the system must be trained in order to learn the typical sequences of commands related to innocuous connections. Then, intrusion detection is performed by indentifying anomalous sequences. To harden the proposed system, we propose some techniques to combine HMM. Reported results attained on the traffic acquired from a European ISP shows the effectiveness of the proposed approach.