论文信息 - A New Anomaly Detection Method Based on Rough Set Reduction and HMM

A New Anomaly Detection Method Based on Rough Set Reduction and HMM

Over the past few years, anomaly detection has been an increasing concern with the rapid growth of the network security. Hidden Markov model (HMM) has been applied in various methods in intrusion detection and proved to be a good tool to model normal behaviors of privileged processes, however, one major problem with this approach is that it demands excessive computing resources and costs a long model training time, which makes it inefficient for practical intrusion detection. This paper presents a new method of bringing rough set reduction into HMM to overcome the shortcoming. The proposed approach classifies and simplifies the long observation sequence by virtue of rough set reduction, and the decision conditions obtained in rough set reduction phase could be used in further detection. The experimental results indicate that this method can promote the model training efficiency. Further-more, it is suitable for anomaly detection with high detect rate and low false alarm rate.

Minghui Chen | Xufa Wang | Fanping Zeng | Kaitao Yin

[1] Jerzy W. Grzymala-Busse,et al. A New Version of the Rule Induction System LERS , 1997, Fundam. Informaticae.

[2] Stephanie Forrest,et al. A sense of self for Unix processes , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[3] Yiguo Qiao,et al. Anomaly intrusion detection method based on HMM , 2002 .

[4] Sankar K. Pal,et al. Roughness of a Fuzzy Set , 1996, Inf. Sci..

[5] Jiankun Hu,et al. A multi-layer model for anomaly intrusion detection using program sequences of system calls , 2003, The 11th IEEE International Conference on Networks, 2003. ICON2003..

[6] Jerzy Stefanowski,et al. On rough set based approaches to induction of decision rules , 1998 .

[7] Jiankun Hu,et al. An efficient hidden Markov model training scheme for anomaly intrusion detection of server applications based on system calls , 2004, Proceedings. 2004 12th IEEE International Conference on Networks (ICON 2004) (IEEE Cat. No.04EX955).

[8] Zdzisław Pawlak,et al. Rough Sets And Decision Analysis , 2000 .

[9] Marc Parizeau,et al. Training Hidden Markov Models with Multiple Observations-A Combinatorial Method , 2000, IEEE Trans. Pattern Anal. Mach. Intell..

[10] Sung-Bae Cho,et al. Efficient anomaly detection by modeling privilege flows using hidden Markov model , 2003, Comput. Secur..

[11] Lawrence R. Rabiner,et al. A tutorial on hidden Markov models and selected applications in speech recognition , 1989, Proc. IEEE.