Efficient anomaly detection by modeling privilege flows using hidden Markov model

Sung Bae Cho, Hyuk Jang Park

Research output: Contribution to journalArticle

113 Citations (Scopus)

Abstract

Anomaly detection techniques have been devised to address the limitations of misuse detection approaches for intrusion detection with the model of normal behaviors. A hidden Markov model (HMM) is a useful tool to model sequence information, an optimal modeling technique to minimize false-positive error while maximizing detection rate. In spite of high performance, however, it requires large amounts of time to model normal behaviors and determine intrusions, making it difficult to detect intrusions in real-time. This paper proposes an effective HMM-based intrusion detection system that improves the modeling time and performance by only considering the privilege transition flows based on the domain knowledge of attacks. Experimental results show that training with the proposed method is significantly faster than the conventional method trained with all data, without loss of detection performance.

Original languageEnglish
Pages (from-to)45-55
Number of pages11
JournalComputers and Security
Volume22
Issue number1
DOIs
Publication statusPublished - 2003 Jan 1

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Law

Fingerprint Dive into the research topics of 'Efficient anomaly detection by modeling privilege flows using hidden Markov model'. Together they form a unique fingerprint.

  • Cite this