Abstract
As computer security has grown in importance, a variety of system security mechanisms have been developed; among them, anomaly detection based on hidden Markov models (HMMs) has been widely applied. Such a detector, however, only flags behavior whose likelihood falls below a predefined threshold and cannot say which kind of intrusion occurred. This paper identifies the type of an intrusion by decoding the hidden state sequence with the Viterbi algorithm and measuring the distance between a standard state sequence for each intrusion type and the state sequence decoded from the current trace. Because environmental factors mean the decoded state sequence for the same attack is not always identical, edit distance is used so that insertions, deletions and substitutions in the sequence are tolerated. Experiments with buffer overflow attacks show that the method identifies the intrusion type well even when the decoded state sequences are inconsistent.
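The pipeline the abstract describes, as an added example that is not the paper's code: an HMM is decoded with the Viterbi algorithm to obtain the hidden state sequence of an observed trace, and the intrusion type is the one whose standard state sequence lies at the smallest edit (Levenshtein) distance. The state names, symbol alphabet, HMM parameters, "standard" sequences and both traces are constructed for illustration; a real system trains the model on normal traces and derives the standard sequences from known attacks. The `max_distance` rejection threshold is an assumption added here, not something the abstract specifies.

```python
"""Viterbi decoding plus edit-distance intrusion-type identification.

Added example, not the paper's code.  Every parameter and trace below is
constructed for illustration.
"""
import math

# Hypothetical hidden states (privilege context) and observed symbols
# (coarse system-call classes).  Constructed.
STATES = ("user", "escalate", "root")
SYMBOLS = ("read", "write", "strcpy", "setuid", "execve")

# HMM parameters in probability space; converted to log space on use.
# Constructed; a real model is trained on normal traces.
START = {"user": 0.9, "escalate": 0.05, "root": 0.05}
TRANS = {
    "user":     {"user": 0.85, "escalate": 0.10, "root": 0.05},
    "escalate": {"user": 0.10, "escalate": 0.60, "root": 0.30},
    "root":     {"user": 0.05, "escalate": 0.05, "root": 0.90},
}
EMIT = {
    "user":     {"read": 0.45, "write": 0.40, "strcpy": 0.10, "setuid": 0.025, "execve": 0.025},
    "escalate": {"read": 0.10, "write": 0.10, "strcpy": 0.50, "setuid": 0.25,  "execve": 0.05},
    "root":     {"read": 0.20, "write": 0.20, "strcpy": 0.05, "setuid": 0.15,  "execve": 0.40},
}


def _log(p):
    """log(p) with log(0) = -inf so impossible transitions never win a max()."""
    return math.log(p) if p > 0 else -math.inf


def viterbi(obs, states=STATES, start=START, trans=TRANS, emit=EMIT):
    """Return (most likely state path, its log-probability) for a symbol list."""
    if not obs:
        return [], 0.0
    # delta[t][s]: best log-prob of any path that ends in state s at time t
    delta = [{s: _log(start[s]) + _log(emit[s][obs[0]]) for s in states}]
    back = [{}]                       # back[t][s]: predecessor of s at t-1
    for t in range(1, len(obs)):
        delta.append({})
        back.append({})
        for s in states:
            prev, score = max(
                ((p, delta[t - 1][p] + _log(trans[p][s])) for p in states),
                key=lambda ps: ps[1])
            delta[t][s] = score + _log(emit[s][obs[t]])
            back[t][s] = prev
    last = max(states, key=lambda s: delta[-1][s])
    path = [last]
    for t in range(len(obs) - 1, 0, -1):   # follow back-pointers to t = 0
        path.append(back[t][path[-1]])
    path.reverse()
    return path, delta[-1][last]


def edit_distance(a, b):
    """Levenshtein distance: unit-cost insert, delete and substitute."""
    prev = list(range(len(b) + 1))
    for i, x in enumerate(a, 1):
        cur = [i]
        for j, y in enumerate(b, 1):
            cur.append(min(prev[j] + 1,              # delete x
                           cur[j - 1] + 1,          # insert y
                           prev[j - 1] + (x != y))) # substitute (free if equal)
        prev = cur
    return prev[-1]


# One "standard" decoded state sequence per intrusion type.  Constructed.
STANDARD = {
    "buffer_overflow": ["user", "user", "escalate", "escalate", "root", "root"],
    "setuid_abuse":    ["user", "escalate", "root", "root", "root", "root"],
}


def identify(obs, standard=STANDARD, max_distance=None):
    """Decode obs and return (type, distance, path) for the nearest standard sequence.

    If max_distance is given and even the nearest sequence is farther away,
    the type is None: the trace is anomalous but of no known type.
    """
    path, _ = viterbi(obs)
    name, dist = min(((n, edit_distance(path, ref)) for n, ref in standard.items()),
                     key=lambda nd: nd[1])
    if max_distance is not None and dist > max_distance:
        return None, dist, path
    return name, dist, path


# Constructed traces: a clean overflow-like trace, and the same attack with
# an extra "read" in the middle, which shifts the decoded state boundary.
TRACE_CLEAN = ["read", "write", "strcpy", "strcpy", "execve", "execve"]
TRACE_NOISY = ["read", "write", "strcpy", "read", "strcpy", "execve", "execve"]

if __name__ == "__main__":
    for trace in (TRACE_CLEAN, TRACE_NOISY):
        kind, dist, path = identify(trace)
        print(trace, "->", path, "=>", kind, "(distance", dist, ")")
```

The clean trace decodes exactly to the buffer-overflow standard sequence (distance 0). The noisy trace decodes to a seven-state path with one extra `user` state and the escalation boundary shifted by one position; an exact-match comparison would reject it, but the edit distance to the buffer-overflow sequence is 2 against 4 for the other type, so it is still identified correctly.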
© 2005 Springer-Verlag Berlin Heidelberg
Koo, JM., Cho, SB. (2005). Effective Intrusion Type Identification with Edit Distance for HMM-Based Anomaly Detection System. In: Pal, S.K., Bandyopadhyay, S., Biswas, S. (eds) Pattern Recognition and Machine Intelligence. PReMI 2005. Lecture Notes in Computer Science, vol 3776. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11590316_30
DOI: https://doi.org/10.1007/11590316_30
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30506-4
Online ISBN: 978-3-540-32420-1