Intrusion Detection Method Based on Fuzzy Hidden Markov Model

Because of the excellent performance of the HMM (Hidden Markov Model), it has been widely used in pattern recognition. Due to the high false alarm rate in the classical intrusion detection system(IDS) based on HMM, a fuzzy approach for the HMM, called Fuzzy Hidden Markov Models (FHMM) is proposed. it is introduced with the Fuzzy logic to the HMM. The robustness and accurate rate of the IDS based on FHMM model are greatly improved. So a new intrusion detection method based on FHMM was proposed in this paper. The experiment results with 1998 DARPA data set shows that our method is efficiently to classify the anomaly profile from the normal profile, and has low false positive rate with high detection rate. Moreover¿the training time is reduced, the detection speed is effectively increased and computer resources are saved.

[1]  Barak A. Pearlmutter,et al.  Detecting intrusions using system calls: alternative data models , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[2]  Stephanie Forrest,et al.  Intrusion Detection Using Sequences of System Calls , 1998, J. Comput. Secur..

[3]  李蔡彥,et al.  Network Intrusion Detection: A Network View , 2001 .

[4]  Yiguo Qiao,et al.  Anomaly intrusion detection method based on HMM , 2002 .

[5]  Bo Gao,et al.  HMMs (Hidden Markov models) based on anomaly intrusion detection method , 2002, Proceedings. International Conference on Machine Learning and Cybernetics.

[6]  Sung-Bae Cho,et al.  Efficient anomaly detection by modeling privilege flows using hidden Markov model , 2003, Comput. Secur..

[7]  Jihong Pei,et al.  Multilayer fuzzy HMM for online handwriting shape recognition , 2004, Proceedings 7th International Conference on Signal Processing, 2004. Proceedings. ICSP '04. 2004..