A Network-wide Traffic Anomaly Detection Method Based on HSMM

The hidden semi-Markov model (HsMM) has been well studied and widely applied in many areas. The advantage of using an HsMM is its efficient forward-backward algorithm for estimating the model parameters that best account for an observed sequence. In this paper, we propose an HsMM to model the distribution of network-wide traffic and use an observation window to distinguish DoS flooding attacks mixed within the normal background traffic. Several experiments are conducted to validate our method.
