A method for HMM-based system calls intrusion detection based on hybrid training algorithm

The hidden Markov model (HMM) is a very important tool for intrusion detection. The classical HMM training algorithm is a hill-climbing algorithm, so it can only find a locally optimal solution. To improve the accuracy of HMM training, this paper introduces a hybrid algorithm into intrusion detection. Experiments show that this algorithm can find a more accurate model.
