Extensive research activity has been observed on network-based intrusion detection systems (IDSs). However, there are always some attacks that penetrate traffic-profiling-based network IDSs. These attacks often cause very serious damage, such as modifying critical host files. A host-based anomaly IDS is an effective complement to the network IDS in addressing this issue. This article proposes a simple data preprocessing approach to speed up hidden Markov model (HMM) training for system-call-based anomaly intrusion detection. Experiments based on a public database demonstrate that this data preprocessing approach can reduce training time by up to 50 percent with unnoticeable degradation in intrusion detection performance, compared to a conventional batch HMM training scheme. More than 58 percent data reduction has been observed compared to our prior incremental HMM training scheme. Although this maximum gain incurs more degradation of false alarm rate performance, the resulting performance is still reasonable.