An Application of Learning Problem in Anomaly-based Intrusion Detection Systems

This paper introduces an approach to anomaly-based intrusion detection that uses hidden Markov models (HMMs) together with the BCJR decoding algorithm. The main idea is to distinguish normal traces of user activity from abnormal ones by applying the BCJR decoding algorithm in conjunction with HMM parameter adjustment by a gradient-based method. Some results from the conducted simulation experiments are presented as well.
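As an added illustration of the decoding step the abstract describes (example code written for this page, not the paper's own): a scaled forward-backward (BCJR) pass over a small "normal behaviour" HMM returns the trace log-likelihood and per-position state posteriors, and a trace whose mean per-symbol log-likelihood falls below a threshold is flagged as anomalous. The system-call alphabet, the HMM parameters, the traces and the threshold are all constructed, and the gradient-based parameter adjustment the paper mentions is not included.

```python
"""Constructed example: BCJR / forward-backward scoring of system-call
traces under a hand-built "normal behaviour" HMM (not from the paper)."""
import math

# Constructed alphabet of observation symbols (abstracted system calls).
SYMS = {"open": 0, "read": 1, "write": 2, "close": 3, "exec": 4}

# Constructed 2-state HMM for normal file-handling activity:
# state 0 = "setup/teardown" (open/close), state 1 = "I/O" (read/write).
PI = [0.9, 0.1]
A = [[0.3, 0.7],
     [0.2, 0.8]]
B = [[0.45, 0.05, 0.05, 0.43, 0.02],   # emissions from state 0
     [0.02, 0.50, 0.45, 0.02, 0.01]]   # emissions from state 1

def bcjr(trace, pi=PI, a=A, b=B):
    """Scaled forward-backward (BCJR) pass over one trace.
    Returns (log-likelihood of the trace under the model,
             gamma[t][i] = P(state_t = i | trace) for every position t)."""
    obs = [SYMS[s] for s in trace]
    n, T = len(pi), len(obs)
    alpha, scale = [], []
    for t in range(T):                       # forward pass, rescaled per step
        if t == 0:
            a_t = [pi[i] * b[i][obs[0]] for i in range(n)]
        else:
            a_t = [sum(alpha[-1][j] * a[j][i] for j in range(n)) * b[i][obs[t]]
                   for i in range(n)]
        c = sum(a_t)                         # scale factor = P(o_t | o_1..o_t-1)
        scale.append(c)
        alpha.append([x / c for x in a_t])
    beta = [[1.0] * n for _ in range(T)]
    for t in range(T - 2, -1, -1):           # backward pass with the same scales
        for i in range(n):
            beta[t][i] = sum(a[i][j] * b[j][obs[t + 1]] * beta[t + 1][j]
                             for j in range(n)) / scale[t + 1]
    gamma = []
    for t in range(T):                       # posterior state probabilities
        g = [alpha[t][i] * beta[t][i] for i in range(n)]
        z = sum(g)
        gamma.append([x / z for x in g])
    return sum(math.log(c) for c in scale), gamma

def is_anomalous(trace, threshold=-2.5):
    """Flag a trace whose mean per-symbol log-likelihood under the normal
    model is below a constructed threshold (tune it on held-out normal data)."""
    ll, _ = bcjr(trace)
    return ll / len(trace) < threshold
```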
