In an era of cooperating ad hoc networks and pervasive wireless connectivity, we are becoming more vulnerable to malicious attacks. Many of these attacks are silent in nature and cannot be detected by conventional intrusion detection system (IDS) methods such as traffic monitoring, port scanning, or protocol violations. These sophisticated attacks operate under the threshold boundaries during an intrusion attempt and can only be identified by profiling the complete system activity in relation to normal behavior. In this paper we discuss a hidden Markov model (HMM) strategy for intrusion detection using a multivariate Gaussian model for observations that are then used to predict an attack that exists in the form of a hidden state. The model comprises a self-organizing network for event clustering, an observation classifier, a drift detector, a profile estimator, a Gaussian mixture model (GMM) accelerator, and an HMM engine. We use this method to predict the intrusion states based on the deviation of observations from normal profiles or by fitting them to an appropriate attack profile.