A Hidden Markov Model Used in Intrusion Detection

As the key component of computer security technology, intrusion detection has received more and more attention. This paper presents an overview of research in anomaly detection, with emphasis on issues related to establishing a hidden Markov model (HMM) for the normal states of a computer system, and puts forward an anomaly detection algorithm. The probability of the observed sequence is computed, and the average probability of a fixed-length sequence is used as the anomaly detection metric. To improve accuracy, an update algorithm for this hidden Markov model, based on a forgetting factor, is also presented. The method is not only useful in theory but can also be used in practice to monitor a computer system in real time.
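
The scoring step described above can be sketched as follows. This is an added example, not code from the paper: it takes one reading of the metric (the per-symbol average log-probability of each fixed-length window, computed with the scaled forward algorithm), and the two-state model, the three event symbols, the window width and the threshold are all constructed assumptions.

```python
import math

# Constructed HMM of "normal" behaviour (assumed values, not from the paper).
# Symbols: 0 = read, 1 = write, 2 = exec (rare under normal operation).
PI = [0.6, 0.4]                      # initial state distribution
A = [[0.7, 0.3], [0.4, 0.6]]         # state transition matrix
B = [[0.60, 0.39, 0.01],             # emission probabilities, state 0
     [0.30, 0.69, 0.01]]             # emission probabilities, state 1

# Constructed event stream: normal activity with a burst of exec events.
EVENTS = [0, 1, 0, 0, 1, 0, 2, 2, 2, 1, 0, 1, 0, 0, 1]

def avg_log_prob(obs, pi=PI, a=A, b=B):
    """Scaled forward algorithm: log P(obs | model) divided by len(obs)."""
    if not obs:
        raise ValueError("empty observation window")
    n = len(pi)
    alpha = [pi[i] * b[i][obs[0]] for i in range(n)]
    log_p = 0.0
    for t in range(len(obs)):
        if t > 0:  # propagate through transitions, then weight by emission
            alpha = [sum(alpha[i] * a[i][j] for i in range(n)) * b[j][obs[t]]
                     for j in range(n)]
        scale = sum(alpha)           # P(o_t | o_1..o_{t-1})
        if scale == 0.0:             # symbol impossible under the model
            return float("-inf")
        log_p += math.log(scale)
        alpha = [x / scale for x in alpha]   # rescale to avoid underflow
    return log_p / len(obs)

def score_windows(events, width):
    """Average log-probability of every sliding window of fixed length."""
    return [avg_log_prob(events[s:s + width])
            for s in range(len(events) - width + 1)]

def flag_anomalies(events, width, threshold):
    """Start indices of windows whose score falls below the threshold."""
    return [s for s, score in enumerate(score_windows(events, width))
            if score < threshold]

if __name__ == "__main__":
    for start, score in enumerate(score_windows(EVENTS, 5)):
        mark = "ANOMALY" if score < -2.0 else "ok"
        print(f"window {start:2d}: {score:7.3f}  {mark}")
```

With these constructed parameters, a window of five events is flagged only when it contains at least two exec events, so a single rare event does not raise an alert.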