TY - GEN
T1 - Investigating hidden markov models capabilities in anomaly detection
AU - Joshi, Shrijit S.
AU - Phoha, Vir V.
PY - 2005
Y1 - 2005
AB - Hidden Markov Model (HMM) based applications are common in various areas, but the incorporation of HMMs for anomaly detection is still in its infancy. This paper aims at classifying TCP network traffic as an attack or normal using an HMM. The paper's main objective is to build an anomaly detection system, a predictive model capable of discriminating between normal and abnormal behavior of network traffic. In the training phase, special attention is given to the initialization and model selection issues, which makes the training phase particularly effective. For training the HMM, 12.195% of the total features (5 out of 41 features) present in the KDD Cup 1999 data set are used. Results of tests on the KDD Cup 1999 data set show that the proposed system is able to classify network traffic in proportion to the number of features used for training the HMM. We are extending our work to a larger data set for building an anomaly detection system.
KW - Anomaly detection system
KW - Hidden markov models
UR - http://www.scopus.com/inward/record.url?scp=77953783421&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77953783421&partnerID=8YFLogxK
U2 - 10.1145/1167350.1167387
DO - 10.1145/1167350.1167387
M3 - Conference contribution
AN - SCOPUS:77953783421
SN - 1595930590
SN - 9781595930590
T3 - Proceedings of the Annual Southeast Conference
SP - 198
EP - 1103
BT - Proceedings of the 43rd Annual Association for Computing Machinery Southeast Conference, ACMSE '05
T2 - 43rd Annual Association for Computing Machinery Southeast Conference, ACMSE '05
Y2 - 18 March 2005 through 20 March 2005
ER -