Internet Archive Scholar

Hidden semi-Markov model for anomaly detection

Xiaobin Tan, Hongsheng Xi
2008 Applied Mathematics and Computation  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (149.5 kB)
https://web.archive.org/web/20120315020807/http://sist.sysu.edu.cn/~syu/HSMM_References/anomaly%20detection.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2012; you can also visit the original URL. The file type is application/pdf.

Hidden semi-Markov model (HSMM) Maximum entropy principle (MEP) Segmental K-means algorithm a b s t r a c t In this paper, hidden semi-Markov model (HSMM) is introduced into intrusion detection. Hidden Markov model (HMM) has been applied in intrusion detection systems several years, but it has a major weakness: the inherent duration probability density of a state in HMM is exponential, which may be inappropriate for the modeling of audit data of computer systems. We can handle this problem well
more » ... by developing an HSMM for perfect normal processes of computer systems. Based on this HSMM, an algorithm of anomaly detection is presented in this paper, which computes the distance between the processes monitored by intrusion detection system and the perfect normal processes. In this algorithm, we use the average information entropy (AIE) of fixed-length observed sequence as the anomaly detection metric based on maximum entropy principle (MEP). To improve accuracy, the segmental K-means algorithm is applied as training algorithm for the HSMM. By comparing the accurate rate with the experimental results of previous research, it shows that our method can perform a more accurate detection.
doi:10.1016/j.amc.2008.05.028 fatcat:2oijrpiv3jbjznjootafzdgp2y
Citation

Xiaobin Tan, Hongsheng Xi. "Hidden semi-Markov model for anomaly detection." Applied Mathematics and Computation 205.2 (2008) 562-567