Fuzzy Subspace Hidden Markov Models for Pattern Recognition

This paper presents a novel fuzzy subspace-based approach to hidden Markov models. Features extracted from patterns are treated as feature vectors in a multi-dimensional feature space. Current hidden Markov modeling techniques treat features equally; however, this assumption may not hold. We propose to consider subspaces of the feature space and to assign each feature a weight that determines its contribution, in different subspaces, to modeling and recognizing patterns. The weights can be computed once a learning estimation method such as maximum likelihood is given. Experiments in network intrusion detection based on the proposed approach show promising results.
