This paper describes a novel approach using Hidden Markov Models (HMMs) to detect complex Internet attacks. These attacks consist of several steps that may occur over an extended period of time. Within each step, specific actions may be interchangeable. A perpetrator may deliberately vary the choice of actions within a step to mask the intrusion. In other cases, alternate action sequences may be random (due to noise) or may result from a lack of experience on the part of the perpetrator. For an intrusion detection system to be effective against complex Internet attacks, it must be capable of dealing with the ambiguities described above. We describe research results concerning the use of HMMs as a defense against complex Internet attacks. We describe why HMMs are particularly useful when there is an order to the actions constituting the attack (that is, for the case where one action must precede or follow another action in order to be effective). Because of this property, we show that HMMs are well suited to address the multi-step attack problem. In a direct comparison with two other classic machine learning techniques, decision trees and neural nets, we show that HMMs perform generally better than decision trees and substantially better than neural networks in detecting these complex intrusions.
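The ordering argument in the abstract can be seen in a small left-to-right HMM scored with the forward algorithm. This is an added example, not code or a model from the paper: the step names, alert names, probabilities and the uniform null model used for the score are all constructed assumptions.

```python
import math

# Constructed model (all names and probabilities are assumptions for illustration).
STEPS = ["probe", "access", "act"]                  # hidden states: ordered attack steps
ALERTS = ["ping_sweep", "port_scan",                # two interchangeable alerts per step
          "login_burst", "service_crash",
          "new_account", "bulk_transfer"]
START = [1.0, 0.0, 0.0]                             # an attack starts at the first step
TRANS = [[0.6, 0.4, 0.0],                           # left-to-right: stay or advance,
         [0.0, 0.6, 0.4],                           # never return to an earlier step
         [0.0, 0.0, 1.0]]
NOISE = 0.02                                        # probability of each off-step alert

def emit_row(step):
    """Emission row: the step's own two alerts share the mass left after noise."""
    own = ALERTS[2 * step: 2 * step + 2]
    return [(1 - 4 * NOISE) / 2 if a in own else NOISE for a in ALERTS]

EMIT = [emit_row(s) for s in range(len(STEPS))]

def log_likelihood(seq):
    """Scaled forward algorithm: log P(seq | attack HMM)."""
    n, total, alpha = len(STEPS), 0.0, None
    for alert in seq:
        o = ALERTS.index(alert)
        if alpha is None:
            alpha = [START[s] * EMIT[s][o] for s in range(n)]
        else:
            alpha = [sum(alpha[p] * TRANS[p][s] for p in range(n)) * EMIT[s][o]
                     for s in range(n)]
        norm = sum(alpha)
        total += math.log(norm)
        alpha = [a / norm for a in alpha]           # rescale to avoid underflow
    return total

def attack_score(seq):
    """Log-likelihood ratio against a null model where every alert is equally likely."""
    return log_likelihood(seq) + len(seq) * math.log(len(ALERTS))

# Constructed alert sequences.
ORDERED = ["ping_sweep", "port_scan", "login_burst", "new_account", "bulk_transfer"]
VARIANT = ["port_scan", "ping_sweep", "service_crash", "bulk_transfer", "new_account"]
REVERSED = list(reversed(ORDERED))

if __name__ == "__main__":
    for name, seq in [("ordered", ORDERED), ("variant", VARIANT), ("reversed", REVERSED)]:
        print(f"{name:9s} score={attack_score(seq):+.2f}")
```

Swapping interchangeable alerts within a step leaves the score unchanged, while the same alerts in reverse order score below the null model, which is the property a per-event classifier without sequence state cannot express.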