An effective HMM-based intrusion detection system with privilege change event modeling

Hyuk Jang Park, Sung Bae Cho

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

Anomaly detection techniques have been devised to address the limitations of the misuse detection approach to intrusion detection. They can abstract information about the normal behaviors of a system and detect attacks regardless of whether or not the system has observed them before. However, they have an inherent difficulty in dealing with the large volume of audit data needed to model the normal behaviors. Calculations for each trace in each pass through the training data take $O(TS^2)$, where T is the length of the trace in system calls, and S is the number of states in the hidden Markov model.

Original language: English
Title of host publication: PRICAI 2002
Subtitle of host publication: Trends in Artificial Intelligence - 7th Pacific Rim International Conference on Artificial Intelligence, Proceedings
Publisher: Springer Verlag
Pages: 617-618
Number of pages: 2
Volume: 2417
ISBN (Print): 3540440380, 9783540440383
Publication status: Published - 2002 Jan 1
Event: 7th Pacific Rim International Conference on Artificial Intelligence, PRICAI 2002 - Tokyo, Japan
Duration: 2002 Aug 18 to 2002 Aug 22

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 2417
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 7th Pacific Rim International Conference on Artificial Intelligence, PRICAI 2002
Country: Japan
City: Tokyo
Period: 02/8/18 to 02/8/22

Fingerprint

Intrusion detection
Intrusion Detection
Hidden Markov models
Trace
Modeling
Audit
Anomaly Detection
Markov Model
Attack
Model

All Science Journal Classification (ASJC) codes

  • Computer Science (all)
  • Theoretical Computer Science

Cite this

Park, H. J., & Cho, S. B. (2002). An effective HMM-based intrusion detection system with privilege change event modeling. In PRICAI 2002: Trends in Artificial Intelligence - 7th Pacific Rim International Conference on Artificial Intelligence, Proceedings (Vol. 2417, pp. 617-618). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 2417). Springer Verlag.