论文信息 - Decoding efficiency of the MAP and the max-log MAP algorithm as a strategy in anomaly-based intrusion detection systems

Decoding efficiency of the MAP and the max-log MAP algorithm as a strategy in anomaly-based intrusion detection systems

Hidden Markov Methodology, with particular care to the parameter estimation and the training phase, represents a powerful finite state machine, suitable in various recognition problems. This paper investigated the capabilities of this methodology in anomaly-based intrusion detection. The model training is performed using ML criterion, based on the gradient method. Since the attacks recognition is considered as a decoding problem, the MAP and the max log MAP algorithms combined with gradient based method were applied. The comparison between these two decoding algorithms as a strategy in anomalybased IDS is represented as well.

Veselina G. Jecheva | Evgeniya P. Nikolova

[1] Stephanie Forrest,et al. Intrusion Detection Using Sequences of System Calls , 1998, J. Comput. Secur..

[2] Stephanie Forrest,et al. A sense of self for Unix processes , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[3] Daxin Tian,et al. A wireless intrusion detection method based on neural network , 2006, ACST.

[4] Anup Ghosh,et al. Simple, state-based approaches to program-based anomaly detection , 2002, TSEC.

[5] Patrick Robertson,et al. A comparison of optimal and sub-optimal MAP decoding algorithms operating in the log domain , 1995, Proceedings IEEE International Conference on Communications ICC '95.

[6] Jiankun Hu,et al. A multi-layer model for anomaly intrusion detection using program sequences of system calls , 2003, The 11th IEEE International Conference on Networks, 2003. ICON2003..

[7] Ajith Abraham,et al. Feature deduction and ensemble design of intrusion detection systems , 2005, Comput. Secur..

[8] John Cocke,et al. Optimal decoding of linear codes for minimizing symbol error rate (Corresp.) , 1974, IEEE Trans. Inf. Theory.

[9] Lawrence R. Rabiner,et al. A tutorial on hidden Markov models and selected applications in speech recognition , 1989, Proc. IEEE.