Skip to main content
SpringerLink
Log in

Viterbi Algorithm for Intrusion Type Identification in Anomaly Detection System

  • Conference paper
Information Security Applications (WISA 2003)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2908))

Included in the following conference series:

Abstract

Due to the proliferation of the infrastructure of communication networks and the development of the relevant technology, intrusions on computer systems and damage are increased, resulting in extensive work on intrusion detection systems (IDS) to find attacks exploiting illegal usages or misuses. However, many IDSs have some weaknesses, and most hackers try to intrude systems through the vulnerabilities. In this paper, we develop an intrusion detection system based on anomaly detection with hidden Markov model and propose a method using the Viterbi algorithm for identifying the type of intrusions. Experimental results indicate that the buffer overflow is well-identified, while we have some difficulties to identify the denial of service attacks with the proposed method.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. CERTCC-KR, Korea Computer Emergency Response Team and Coordination Center (2003), http://www.certcc.or.kr

  2. Vaccaro, H.S., Liepins, G.E.: Detection of anomalous computer session activity. In: Proc. of IEEE Symposium on Research in Security and Privacy, pp. 280–289 (1989)

    Google Scholar 

  3. Lunt, T.F.: A survey of intrusion detection techniques. Computers & Security 12(4), 405–418 (1993)

    Article  Google Scholar 

  4. IDC, Plugging the Holes In eCommerce: The Market for Intrusion Detection and Vulnerability Assessment Software (1999-2003)

    Google Scholar 

  5. Dowel, C., Ramstdet, P.: The computer watch data reduction tool. In: Proc. of the 13th National Computer Security Conference, Washington DC, USA, pp. 99–108 (October 1990)

    Google Scholar 

  6. Heberlein, T., Dias, G., Levitt, K., Mukherjee, B., Wood, J., Wolber, D.: A network security monitor. In: Proc. of the 1990 IEEE Symposium on Research in Security and Privacy, Los Alamitos, CA, USA, pp. 296–304 (1990)

    Google Scholar 

  7. Stanford-Che, S., Cheung, S., Crawford, R., Dilger, M., Frank, J., Hoagland, J., Levitt, K., Wee, C., Yip, R., Zerkle, D.: GrIDS-A graph based intrusion detection system for large networks. In: Proc. of the 19th National Information Systems Security Conference, vol. 1, pp. 361–370 (October 1998)

    Google Scholar 

  8. Lunt, T.F., Tamaru, A., Gilham, F., Jagannathan, R., Jalali, C., Neuman, P.G.: A realtime intrusion-detection expert system (IDES). Technical Report Project 6784, CSL, SRI International, Computer Science Laboratory, SRI International (February 1992)

    Google Scholar 

  9. Anderson, D., Lunt, T.F., Javits, H., Tamaru, A., Valdes, A.: Detecting unusual program behavior using the statistical components of NIDES. NIDES Technical Report, SRI International (May 1995)

    Google Scholar 

  10. Porras, P.A., Neumann, P.G.: EMERALD: Event monitoring enabling responses to anomalous live disturbances. In: Proc. of the 20th National Information Systems Security Conference, Baltimore, Maryland, USA, October 1997, pp. 353–365 (1997)

    Google Scholar 

  11. Debar, H., Becker, M., Siboni, D.: A neural network component for an intrusion detection system. In: Proc. of 1992 IEEE Computer Society Symposium on Research in Security and Privacy, Oakland, CA, May 1992, pp. 240–250 (1992)

    Google Scholar 

  12. Warrender, C., Forrest, S., Pearlmutter, B.: Detecting intrusion using calls: Alternative data models. In: Proc. of IEEE Symposium on Security and Privacy, pp. 133–145 (May 1999)

    Google Scholar 

  13. Cho, S.-B., Park, H.-J.: Efficient anomaly detection by modeling privilege flows using hidden Markov model. Computers & Security 22(1), 45–55 (2003)

    Article  MathSciNet  Google Scholar 

  14. Larochelle, D., Evans, D.: Statically detecting likely buffer overflow vulnerabilities. In: Proc. of USENIX Security Symposium, pp. 177–190 (August 2001)

    Google Scholar 

  15. Lau, F., Rubin, S.H., Smith, M.H., Trajkovic, L.: Distributed denial of service attacks. In: IEEE International Conference on Systems, Man and Cybernetics, pp. 2275–2280 (2000)

    Google Scholar 

  16. Webster, S.E.: The development and analysis of intrusion detection algorithms. S. M. Thesis, Massachusetts Institute of Technology (June 1998)

    Google Scholar 

  17. Axelsson, S.: Research in intrusion detection system: A survey. Chalmers University of Technology (1999)

    Google Scholar 

  18. Rabiner, L.R.: A tutorial on hidden markov models and selected applications in speech recognition. Proc. of IEEE 77(2), 257–286 (1989)

    Article  Google Scholar 

  19. Rabiner, L.R., Juang, B.H.: An introduction to hidden markov models. IEEE ASSP Magazine 3(1), 4–16 (1986)

    Article  Google Scholar 

  20. Forney Jr., G.D.: Maximum-likelihood sequence detection in the presence of intersymbol interference. IEEE Transactions on Information Theory 18(30), 363–378 (1972)

    Article  MATH  MathSciNet  Google Scholar 

  21. Forney Jr., G.D.: The viterbi algorithm. Proc. of IEEE 61(3), 268–278 (1973)

    Article  MathSciNet  Google Scholar 

  22. Rabiner, L.R., Juang, B.H.: Fundamentals of Speech Recognition, ch. 6. Prentice Hall, Englewood Cliffs (1993)

    Google Scholar 

  23. Picone, J.: Continuous speech recognition using hidden markov models. IEEE ASSP Magazine 7(3), 26–41 (1990)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Dept. of Computer Science, Yonsei University, Shinchon-dong, Seodaemoon-ku, Seoul, 120-749, Korea

    Ja-Min Koo & Sung-Bae Cho

Authors
  1. Ja-Min Koo
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sung-Bae Cho
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dept. of Computer Science and Engineering, Ewha Womans University, Korea

    Ki-Joon Chae

  2. Computer Science Department, Google Inc. and Columbia University, 1214 Amsterdam Avenue, NY 10027, New York, USA

    Moti Yung

Rights and permissions

Reprints and permissions

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Koo, JM., Cho, SB. (2004). Viterbi Algorithm for Intrusion Type Identification in Anomaly Detection System. In: Chae, KJ., Yung, M. (eds) Information Security Applications. WISA 2003. Lecture Notes in Computer Science, vol 2908. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24591-9_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-24591-9_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-20827-3

  • Online ISBN: 978-3-540-24591-9

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation