Effective intrusion type identification with edit distance for HMM-based anomaly detection system

Ja Min Koo, Sung Bae Cho

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)

Abstract

As computer security becomes important, various system security mechanisms have been developed. Especially anomaly detection using hidden Markov model has been actively exploited. However, it can only detect abnormal behaviors under predefined threshold, and it cannot identify the type of intrusions. This paper aims to identify the type of intrusions by analyzing the state sequences using Viterbi algorithm and calculating the distance between the standard state sequence of each intrusion type and the current state sequence. Because the state sequences are not always extracted consistently due to environmental factors, edit distance is utilized to measure the distance effectively. Experimental results with buffer overflow attacks show that it identifies the type of intrusions well with inconsistent state sequences.

Original languageEnglish
Title of host publicationPattern Recognition and Machine Intelligence - First International Conference, PReMI 2005, Proceedings
Pages222-228
Number of pages7
DOIs
Publication statusPublished - 2005 Dec 1
Event1st International Conference on Pattern Recognition and Machine Intelligence, PReMI 2005 - Kolkata, India
Duration: 2005 Dec 202005 Dec 22

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume3776 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other1st International Conference on Pattern Recognition and Machine Intelligence, PReMI 2005
CountryIndia
CityKolkata
Period05/12/2005/12/22

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'Effective intrusion type identification with edit distance for HMM-based anomaly detection system'. Together they form a unique fingerprint.

  • Cite this

    Koo, J. M., & Cho, S. B. (2005). Effective intrusion type identification with edit distance for HMM-based anomaly detection system. In Pattern Recognition and Machine Intelligence - First International Conference, PReMI 2005, Proceedings (pp. 222-228). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3776 LNCS). https://doi.org/10.1007/11590316_30