Combining incremental Hidden Markov Model and Adaboost algorithm for anomaly intrusion detection

Authors:
Yu-Shu Chen;Yi-Ming Chen
Affiliations:
National Central University, Jhongli, Taiwan, R.O.C.;National Central University, Jhongli, Taiwan, R.O.C.
Venue:
Proceedings of the ACM SIGKDD Workshop on CyberSecurity and Intelligence Informatics
Year:
2009

Citing 7
Cited 4

A decision-theoretic generalization of on-line learning and an application to boosting

Journal of Computer and System Sciences - Special issue: 26th annual ACM symposium on the theory of computing & STOC'94, May 23–25, 1994, and second annual Europe an conference on computational learning theory (EuroCOLT'95), March 13–15, 1995
Online ensemble learning

Online ensemble learning
Fuzzy Online Risk Assessment for Distributed Intrusion Prediction and Prevention Systems

UKSIM '08 Proceedings of the Tenth International Conference on Computer Modeling and Simulation
Incremental estimation of discrete hidden Markov models based on a new backward procedure

AAAI'05 Proceedings of the 20th national conference on Artificial intelligence - Volume 2
Control theoretic approach to intrusion detection using a distributed hidden Markov model

IEEE Wireless Communications
AdaBoost-Based Algorithm for Network Intrusion Detection

IEEE Transactions on Systems, Man, and Cybernetics, Part B: Cybernetics
Recognition of visual speech elements using adaptively boosted hidden Markov models

IEEE Transactions on Circuits and Systems for Video Technology

Weight LOFCC: a heuristic weight-setting strategy of LOF applied to outlier detection in time series data

ADMA'10 Proceedings of the 6th international conference on Advanced data mining and applications: Part I
Adaptive ROC-based ensembles of HMMs applied to anomaly detection

Pattern Recognition
LoGID: An adaptive framework combining local and global incremental learning for dynamic selection of ensembles of HMMs

Pattern Recognition
Anomaly based intrusion detection using meta ensemble classifier

Proceedings of the Fifth International Conference on Security of Information and Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

Traditional Hidden Markov Model (HMM) has been successfully applied to anomaly intrusion detection. Incremental HMM (IHMM) further improves the training time of HMM. However, both HMM and IHMM still have the problem of high false positive rate. In this paper, we propose an Adaboost-IHMM to combine IHMM and adaboost for anomaly intrusion detection. As adaboost firstly uses many IHMMs to collectively classify samples then decides the results of samples' classifications, the Adaboost-IHMM can improve the accurate rate of classifications. Experimental results with Stide datasets show that the proposed method can significantly improve the false positive rate by 70% without decreasing detection rate. Besides, we also propose a method to adjust the normal profile for avoiding erroneous detection caused by changes of normal behavior. We perform with experiments with realistic datasets extracted from the use of popular browsers. Compared with traditional HMM method, our method can improve the training time by 90% to build a new normal profile.