| An Intrusion Detection Method Based on Hierarchical Hidden Markov Models |
| |
| 引用本文: | JIA Chunfu YANG Feng. An Intrusion Detection Method Based on Hierarchical Hidden Markov Models[J]. 武汉大学学报:自然科学英文版, 2007, 12(1): 135-138. DOI: 10.1007/s11859-006-0245-4 |
| |
| 作者姓名: | JIA Chunfu YANG Feng |
| |
| 作者单位: | [1]College of Information Science and Technology, Universityof Science and Technology of China, Hefei 230026, Anhui, China; [2]College of Information Technology and Science, NankaiUniversity, Tianjin 300071, China |
| |
| 基金项目: | Foundation item: Supported by the Science and Technology Development Project Foundation of Tianjin (033800611, 05YFGZGX24200) |
| |
| 摘 要: | This paper presents an anomaly detection approach to detect intrusions into computer systems. In this approach, a hierarchical hidden Markov model (HHMM) is used to represent a temporal profile of normal behavior in a computer system. The HHMM of the norm profile is learned from historic data of the system's normal behavior. The observed behavior of the system is analyzed to infer the probability that the HHMM of the norm profile supports the observed behavior. A low probability of support indicates an anomalous behavior that may result from intrusive activities. The model was implemented and tested on the UNIX system call sequences collected by the University of New Mexico group. The testing results showed that the model can clearly identify the anomaly activities and has a better performance than hidden Markov model.
|
| 关 键 词: | 计算机 网络技术 隐马尔可夫模型 安全技术 |
| 文章编号: | 1007-1202(2007)01-0135-04 |
| 收稿时间: | 2006-04-16 |
An intrusion detection method based on hierarchical hidden Markov models |
| |
| Jia Chunfu,Yang Feng. An intrusion detection method based on hierarchical hidden Markov models[J]. Wuhan University Journal of Natural Sciences, 2007, 12(1): 135-138. DOI: 10.1007/s11859-006-0245-4 |
| |
| Authors: | Jia Chunfu Yang Feng |
| |
| Affiliation: | (1) College of Information Science and Technology, University of Science and Technology of China, Hefei, 230026, Anhui, China;(2) College of Information Technology and Science, Nankai University, Tianjin, 300071, China |
| |
| Abstract: | This paper presents an anomaly detection approach to detect intrusions into computer systems. In this approach, a hier- archical hidden Markov model (HHMM) is used to represent a temporal profile of normal behavior in a computer system. The HHMM of the norm profile is learned from historic data of the system's normal behavior. The observed behavior of the system is analyzed to infer the probability that the HHMM of the norm pro- file supports the observed behavior. A low probability of support indicates an anomalous behavior that may result from intrusive activities. The model was implemented and tested on the UNIX system call sequences collected by the University of New Mexico group. The testing results showed that the model can clearly iden- tify the anomaly activities and has a better performance than hid- den Markov model. |
| |
| Keywords: | intrusion detection hierarchical hidden Markov model anomaly detection |
| 本文献已被 CNKI 维普 SpringerLink 等数据库收录! |
