An Intrusion Detection Based on Markov Model

This paper presents an intrusion detection technique based on anomaly detection and proposes a modeling algorithm that uses training data together with an anomaly detection model. In this technique, a Markov-chain model is built from characteristic patterns, where a characteristic pattern is a subsequence of system calls that occurs in the training data with at least a given support degree. Experiments show that the method achieves a high detection rate and a low false alarm rate, which makes it valuable for intrusion detection.
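As an added illustration (not the paper's own code or data), the following Python sketch runs the pipeline the abstract describes: mine system-call windows that meet a support threshold as characteristic patterns, estimate a Markov chain over transitions between those patterns from training traces, and score new traces against it. The window length, support threshold, floor probability, decision thresholds and the sample traces are all constructed assumptions.

```python
from collections import Counter, defaultdict
import math

K = 3                      # length of a system-call window (assumed value)
MIN_SUPPORT = 2            # windows seen at least this often become characteristic patterns
FLOOR = 1e-3               # probability assigned to unseen patterns/transitions
UNKNOWN_MAX = 0.25         # flag if more than 25% of windows are not characteristic patterns
LOGP_MIN = math.log(0.05)  # flag if mean log transition probability falls below this

# Constructed training traces standing in for normal process behaviour.
NORMAL_TRACES = [["open", "read", "read", "close"], ["open", "read", "write", "close"]] * 2

def windows(trace, k=K):
    """Sliding windows of length k over a system-call trace."""
    return [tuple(trace[i:i + k]) for i in range(len(trace) - k + 1)]

def mine_patterns(traces, min_support=MIN_SUPPORT):
    """Characteristic patterns: windows whose support in training meets the threshold."""
    counts = Counter(w for t in traces for w in windows(t))
    return {w for w, c in counts.items() if c >= min_support}

def train_markov(traces, patterns):
    """Markov chain over characteristic patterns: P(next window | current window)."""
    trans = defaultdict(Counter)
    for t in traces:
        ws = windows(t)
        for a, b in zip(ws, ws[1:]):
            if a in patterns and b in patterns:
                trans[a][b] += 1
    return {a: {b: n / sum(c.values()) for b, n in c.items()} for a, c in trans.items()}

def score(trace, patterns, model, floor=FLOOR):
    """Return (mean log transition probability, fraction of windows that are not patterns)."""
    ws = windows(trace)
    unknown = sum(1 for w in ws if w not in patterns) / max(len(ws), 1)
    logps = [math.log(model.get(a, {}).get(b, floor)) for a, b in zip(ws, ws[1:])]
    mean_logp = sum(logps) / len(logps) if logps else 0.0
    return mean_logp, unknown

def is_anomalous(trace, patterns, model):
    """Anomaly if too many unknown windows or the transition likelihood is too low."""
    mean_logp, unknown = score(trace, patterns, model)
    return unknown > UNKNOWN_MAX or mean_logp < LOGP_MIN

if __name__ == "__main__":
    pats = mine_patterns(NORMAL_TRACES)
    chain = train_markov(NORMAL_TRACES, pats)
    print(is_anomalous(["open", "read", "read", "close"], pats, chain))    # False
    print(is_anomalous(["open", "read", "execve", "close"], pats, chain))  # True
```

In practice the support threshold and both decision thresholds are tuned on held-out normal traces, since they directly trade detection rate against false alarms.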
