AA-HMM: An Anti-Adversarial Hidden Markov Model for Network-Based Intrusion Detection

In the field of network intrusion, malware usually evades anomaly detection by disguising malicious behavior as legitimate access. Detecting these attacks from network traffic has therefore become a challenge in this adversarial setting. In this paper, an enhanced Hidden Markov Model, called the Anti-Adversarial Hidden Markov Model (AA-HMM), is proposed to effectively detect evasion patterns, using the Dynamic Window and Threshold techniques to achieve adaptive, anti-adversarial, and online-learning abilities. In addition, a concept called Pattern Entropy is defined and acts as the foundation of AA-HMM. We evaluate the effectiveness of our approach using two well-known benchmark data sets, NSL-KDD and CTU-13, in terms of common performance metrics and the algorithm’s adaptation and anti-adversary abilities.
