Abstract
In intrusion detection systems, the sequences of system calls executed by running programs can be used as evidence to detect anomalies. A Markov chain is often adopted as the model in such detection systems; a high-order Markov chain is well suited to the detection task, but as the order of the chain increases, the number of model parameters grows exponentially and quickly becomes too large to estimate efficiently. In this paper, one-class support vector machines (SVMs) with a high-order Markov kernel are adopted as the anomaly detectors. This approach avoids the problem of the high-dimensional parameter space. Experiments show that the system can achieve good detection performance with low computational overhead.
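As an added illustration (not the paper's code; the abstract does not define the exact kernel), the block below assumes a spectrum-style high-order Markov kernel, the inner product of sparse k-gram count vectors over system-call traces, and uses a kernel centroid-distance scorer as a stand-in for the one-class SVM. The traces, the alphabet and the order are constructed; the point shown is that the kernel only touches k-grams that actually occur, while an explicit order-(k-1) chain would need |alphabet|^k transition entries.

```python
from collections import Counter

# Constructed sample traces of system-call names (not from the paper's data).
NORMAL_TRACES = [
    ["open", "read", "read", "close", "open", "read", "close"],
    ["open", "read", "close", "open", "read", "read", "close"],
    ["open", "read", "read", "read", "close"],
]
SUSPECT_TRACE = ["open", "mmap", "mprotect", "execve", "close"]


def kgram_counts(trace, k):
    """Sparse feature map: count of each length-k window, i.e. an order-(k-1)
    Markov context followed by the next call. Only observed k-grams are stored."""
    return Counter(tuple(trace[i:i + k]) for i in range(len(trace) - k + 1))


def markov_kernel(x, y, k):
    """Assumed kernel: dot product of the two sparse k-gram count vectors.
    Cost is proportional to the number of observed k-grams, not |alphabet|**k."""
    fx, fy = kgram_counts(x, k), kgram_counts(y, k)
    if len(fx) > len(fy):
        fx, fy = fy, fx  # iterate over the smaller map
    return sum(c * fy.get(g, 0) for g, c in fx.items())


def explicit_parameter_count(alphabet_size, order):
    """Transition-table entries an explicit order-`order` chain would need."""
    return alphabet_size ** (order + 1)


def observed_kgram_count(traces, k):
    """Distinct k-grams actually seen in training data (the sparse alternative)."""
    seen = set()
    for t in traces:
        seen.update(kgram_counts(t, k))
    return len(seen)


def centroid_anomaly_score(trace, normal_traces, k):
    """Squared distance in kernel feature space from `trace` to the centroid of the
    normal traces. This is a simple one-class scorer standing in for the one-class
    SVM (an assumption for illustration, not the paper's method); larger = more anomalous."""
    n = len(normal_traces)
    k_xx = markov_kernel(trace, trace, k)
    k_xn = sum(markov_kernel(trace, t, k) for t in normal_traces) / n
    k_nn = sum(markov_kernel(a, b, k) for a in normal_traces for b in normal_traces) / (n * n)
    return k_xx - 2 * k_xn + k_nn


if __name__ == "__main__":
    k = 3  # second-order Markov context + next call
    print("explicit entries:", explicit_parameter_count(3, k - 1))
    print("observed k-grams:", observed_kgram_count(NORMAL_TRACES, k))
    print("normal score: ", centroid_anomaly_score(NORMAL_TRACES[0], NORMAL_TRACES, k))
    print("suspect score:", centroid_anomaly_score(SUSPECT_TRACE, NORMAL_TRACES, k))
```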
© 2006 Springer-Verlag Berlin Heidelberg
Cite this paper
Tian, S., Yin, C., Mu, S. (2006). High-Order Markov Kernels for Network Intrusion Detection. In: King, I., Wang, J., Chan, LW., Wang, D. (eds) Neural Information Processing. ICONIP 2006. Lecture Notes in Computer Science, vol 4234. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11893295_21
DOI: https://doi.org/10.1007/11893295_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-46484-6
Online ISBN: 978-3-540-46485-3