
High-Order Markov Kernels for Network Intrusion Detection

Conference paper, in: Neural Information Processing (ICONIP 2006)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 4234)

Abstract

In intrusion detection systems, the sequences of system calls executed by running programs can be used as evidence to detect anomalies. Markov chains are often adopted as the model in such detection systems. A high-order Markov chain model is well suited to the detection task, but as the order of the chain increases, the number of parameters of the model grows exponentially and rapidly becomes too large to be estimated efficiently. In this paper, one-class support vector machines (SVMs) using a high-order Markov kernel are adopted as the anomaly detectors. This approach avoids the high-dimensional parameter space. Experiments show that the system produces good detection performance with low computational overhead.
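As an added illustration (not code from the paper or its authors), the following Python sketch makes the two points of the abstract concrete: the parameter table of an order-k Markov chain over system calls grows as |alphabet|^k, whereas a kernel that compares traces through the (k+1)-grams they actually contain costs only as much as the traces are long. The k-gram (spectrum-style) feature map is an assumption standing in for the paper's high-order Markov kernel, whose exact definition is not on this page; the centroid-distance decision rule stands in for the one-class SVM; the traces, the alphabet size of 300 and the function names are all constructed here.

```python
"""Toy illustration of high-order Markov parameter explosion versus a
k-gram kernel one-class detector over system-call traces.
Constructed example; not the paper's implementation."""
from collections import Counter
from math import sqrt

# Constructed toy traces of system-call names (not real audit data).
NORMAL_TRACES = [
    ["open", "read", "read", "close"],
    ["open", "read", "write", "close"],
    ["open", "mmap", "read", "close"],
    ["open", "read", "write", "write", "close"],
    ["open", "fstat", "read", "close"],
]
HELD_OUT_NORMAL = ["open", "read", "read", "write", "close"]
ANOMALOUS_TRACE = ["open", "execve", "socket", "connect", "write"]


def markov_parameter_count(alphabet_size: int, order: int) -> int:
    """Free transition probabilities of an order-k Markov chain over m symbols.

    Every length-k context owns its own next-symbol distribution:
    m**k contexts times (m - 1) free probabilities each. With a few hundred
    system calls this is not estimable from realistic trace volumes beyond
    a small order, which is the problem the abstract describes.
    """
    return alphabet_size ** order * (alphabet_size - 1)


def gram_counts(trace, order):
    """Sparse feature map: counts of each (order+1)-gram in the trace.

    One (order+1)-gram is a length-`order` context plus the call that
    followed it, i.e. exactly one transition of an order-k chain, but only
    the transitions that were observed are ever materialised.
    """
    n = order + 1
    return Counter(tuple(trace[i:i + n]) for i in range(len(trace) - n + 1))


def kernel(a, b, order):
    """Dot product of the sparse gram-count maps (spectrum-style kernel).

    Only grams present in both traces contribute, so cost is bounded by the
    trace lengths, never by alphabet_size ** (order + 1).
    """
    ca, cb = gram_counts(a, order), gram_counts(b, order)
    return sum(count * cb[g] for g, count in ca.items() if g in cb)


def normalized_kernel(a, b, order):
    """Cosine-normalised kernel so long traces do not dominate short ones.
    Returns 0.0 when either trace is too short to contain a single gram."""
    kab = kernel(a, b, order)
    kaa, kbb = kernel(a, a, order), kernel(b, b, order)
    return kab / sqrt(kaa * kbb) if kaa and kbb else 0.0


def observed_gram_count(traces, order):
    """Number of distinct (order+1)-grams actually seen in a set of traces."""
    seen = set()
    for t in traces:
        seen.update(gram_counts(t, order))
    return len(seen)


class KernelCentroidDetector:
    """Minimal kernel one-class detector (assumption: a hypersphere centred on
    the mean of the normal traces in feature space, standing in for the
    paper's one-class SVM, which optimises the boundary instead)."""

    def __init__(self, normal_traces, order):
        self.train = list(normal_traces)
        self.order = order
        n = len(self.train)
        # Mean pairwise kernel over the training set, i.e. ||centre||^2.
        self.mean_kk = sum(normalized_kernel(x, y, order)
                           for x in self.train for y in self.train) / (n * n)

    def score(self, trace):
        """Squared feature-space distance to the training centre.
        Higher means more anomalous. A trace with no complete gram carries
        no evidence either way, so it is rejected rather than scored."""
        if len(trace) < self.order + 1:
            raise ValueError("trace shorter than one (order+1)-gram")
        n = len(self.train)
        mean_kx = sum(normalized_kernel(trace, x, self.order)
                      for x in self.train) / n
        kxx = normalized_kernel(trace, trace, self.order)  # 1.0 after normalisation
        return kxx - 2 * mean_kx + self.mean_kk

    def threshold_from_training(self):
        """Simple calibration: largest score any normal training trace gets."""
        return max(self.score(t) for t in self.train)

    def is_anomalous(self, trace, threshold):
        return self.score(trace) > threshold


if __name__ == "__main__":
    # Assumed alphabet of 300 distinct system calls for the parameter table.
    for k in range(1, 5):
        print(f"order {k}: {markov_parameter_count(300, k):,} chain parameters")
    print("distinct bigrams actually observed:",
          observed_gram_count(NORMAL_TRACES, 1))
    det = KernelCentroidDetector(NORMAL_TRACES, order=1)
    thr = det.threshold_from_training()
    for name, trace in (("held-out normal", HELD_OUT_NORMAL),
                        ("anomalous", ANOMALOUS_TRACE)):
        print(f"{name}: score={det.score(trace):.3f} "
              f"flagged={det.is_anomalous(trace, thr)}")
```

Run as a script it prints the order-1 to order-4 parameter counts next to the handful of bigrams the toy traces actually contain, then scores a held-out normal trace and a trace whose transitions never appear in training. The anomalous trace shares no gram with the training set, so its score is exactly 1 + mean_kk, the maximum the rule can assign; the threshold here is calibrated on training data only, which is the usual one-class setting where no attack traces are available at training time.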




Copyright information

© 2006 Springer-Verlag Berlin Heidelberg


Cite this paper

Tian, S., Yin, C., Mu, S. (2006). High-Order Markov Kernels for Network Intrusion Detection. In: King, I., Wang, J., Chan, LW., Wang, D. (eds) Neural Information Processing. ICONIP 2006. Lecture Notes in Computer Science, vol 4234. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11893295_21


  • DOI: https://doi.org/10.1007/11893295_21

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-46484-6

  • Online ISBN: 978-3-540-46485-3
