An Intrusion Detection Based on Markov Model

Li, Hai Sheng

doi:10.4028/www.scientific.net/AMR.268-270.988

Paper Titles

Composite Morphological Approach for Skeleton Extraction
p.966

A New Speech Enhancement Method Based on Genetic Algorithm
p.969

Design and Implementation of Minimum Hop Routing Algorithm with Reliability Assurance for WSN
p.975

Using Depth Image in 3D Model Retrieval System
p.981

An Intrusion Detection Based on Markov Model
p.988

Research on Construction of K-d Tree Based on Euclidean Distance
p.994

A Two-Layered Model for Distributed Data Mining in Grid Environments
p.1000

The Implementation of Data Warehouse Supporting Intuitionistic Fuzzy Data
p.1006

The Research of Tri-Networks Integration Security Control System
p.1012

HomeAdvanced Materials ResearchComputational Materials ScienceAn Intrusion Detection Based on Markov Model

An Intrusion Detection Based on Markov Model

Abstract:

This paper presents an Intrusion detection technique through anomaly-detection, and proposes Modeling algorithm using training data and anomaly detection model. In this technique, a Markov-chain model is founded based on the characteristic pattern, which is a subsequence of system calls if this sequence satisfies the certain support degree. Experiments show that the method with high detection rate and low false alarm rate is valuable to intrusion detection.

Info:

Periodical:

Advanced Materials Research (Volumes 268-270)

Main Theme:

Computational Materials Science

Edited by:

Feng Xiong

Pages:

988-993

DOI:

https://doi.org/10.4028/www.scientific.net/AMR.268-270.988

Citation:

H. S. Li, "An Intrusion Detection Based on Markov Model", Advanced Materials Research, Vols. 268-270, pp. 988-993, 2011

Online since:

July 2011

Authors:

Hai Sheng Li

Keywords:

Characteristic Pattern, Intrusion Detection, Markov Chain (MC), System Call

Export:

RIS, BibTeX

Price:

$38.00

Permissions:

Request Permissions

Add to Cart

References

[1] Nong Ye, Yebin Zhang, I.G. Fovino, and Connie M. Borror, Robustness of the Markov-Chain Model for Cyber-Attack Detection, IEEE Trans. on rel., vol. 53, no. 1, March (2004).

DOI: https://doi.org/10.1109/tr.2004.823851

[2] W. Stallings, Network and Inter-network Security Principles and Practice: Prentice Hall, (1995).

[3] C. Kaufman, R. Perlman, and M. Speciner, Network Security: PrivateCommunication in a Public World: Prentice Hall, (1995).

[4] T. Escamilla, Intrusion Detection: Network Security Beyond the Firewall: John Wiley & Sons, (1998).

[5] Forrest S. , Hofmeyr S. A. , Somayaji A. , Longstaff T. A. . Asense of self for unix processes. In : Proceedings of the 1996 IEEE Symposium on Security and Privacy. Oakland , Califor nia , 1996 , 120～128.

DOI: https://doi.org/10.1109/secpri.1996.502675

[6] C. Warrender, S. Forrest, and B. Pearlmutter, Detecting intrusions using system calls: Alternative data models, in Proc. 1999 IEEE Symp. Security and Privacy, p.133–145.

DOI: https://doi.org/10.1109/secpri.1999.766910

[7] L IN Guo Yuan, GUO Shan Qing, HUAN G Hao, CAO Tian Jie, An Anomaly Detection Model Based on Dynamic Behavior and Character Patterns. Chinese Journal of Computers, 2006, 29(9): 1553-1560.

[8] W. L. Winston, Operations Research: Applications and Algorithms: Duxbury Press, (1994).

[9] P. Buttorp, Stochastic Modeling of Scientific Data: Chapman & Hall, (1995).

[10] A. Gelman, J. B. Carlin, H. S. Stern, and D. B. Rubin, Bayesian Data Analysis: Chapman & Hall, (1995).

[11] I. L. MacDonald and W. Zucchini, Hidden Markov and Other Models for Discrete Valued Time Series: Chapman & Hall, (1997).

[12] T. M. Mitchell, Machine Learning: McGraw-Hill, (1997).

[13] F. V. Jensen, An Introduction to Bayesian Networks: UCL Press, (1996).

[14] Mukkamala S. , J anowski G. , Sung A. H. . Intrusion detection using neural networks and support vector machines. In : Proceedings of the IEEE International Joint Conference on Neural Networks ( IJCNN) , Honolulu , 2002 , 1702～1707.

DOI: https://doi.org/10.1109/ijcnn.2002.1007774

[15] Kamver S D, Schlosser M T, Garcia-Molina H. The Eigentrust Algorithm for Reputation Management in P2P Networks[C]/Proc. of the 12th Int'l World Wide Web Conference. Budapest, Hungary: ACM Press, (2003).

DOI: https://doi.org/10.1145/775240.775242

[16] Lee Wenke, Xiang Dong. Information, heoretic measures for anomaly detection. In : Proceedings of t he 2001 IEEE Symposium on Security and Privacy , Oakland , California , USA , 2001 , 130～143.

DOI: https://doi.org/10.1109/secpri.2001.924294

Paper TitlePages

Intrusion Detection Method Based on Frequent Pattern

Authors: Jie Yu, Guo Xiang Yao, Wei Wei Zhang

Abstract: As the surging development of the information technology, Intrusion Detection System has been devised for the safety of computer network. This paper focuses on the method of frequent pattern based intrusion detection. A new formula measuring the normal degree of a transaction is presented. We propose a new algorithm to calculate each transaction’s normal degree as well as detect intrusions. Experiment results show that the proposed algorithm is competent in detecting intrusions with high detection rate and relatively low false positive rate.

1751

Active Detection of Application Layer Attacks Based on Analysis of HTTP-Session

Authors: Jie Liang, Jian Wei Sun

Abstract: Application layer vulnerabilities represent a substantial portion of the security exposures of computer networks. In this paper, we explore the effectiveness of HTTP-session model to effectively describe web access behavior. HTTP-sessions are extracted from http requests as accessed by users. Based on the HTTP-session model and the analysis of web based attacks, we present an active anomaly detection framework to detect web based attacks. We demonstrate the effectiveness of the proposed methods via simulation studies using real-world web access requests. The result shows that our methods can effectively detect the application layer attacks.

1253

Research on Intrusion Detection Method Based on Neural Network

Authors: Chi Xu, Jin Chen

Abstract: This paper describes in Using Self-Organizing Map (SOM) neural networks and its auto-clustering ability to study intrusion detection. The feature pattern of each SOM unit is constructed using PCA feature extraction method and a simplified PCASOM model is proposed. An online learning algorithm is also given and its properties are analyzed. And then the simulation result was given.

1479

Application in Avionics Anomaly Detection Using Multi-Variant Hotelling T² Statistics

Authors: Yi Wang, Ming Qing Xiao, Sheng Sheng, Liang Liang Zhao

Abstract: This article proposes a framework of in-situ monitoring for anomaly detection of avionics, Uses the multi-variant Hotelling T2 statistics to form a quickly reference to the anomaly behavior. The proposed method can be used to solve the data driven Prognostics and Health Management problem to detect the anomaly behavior of equipment as well as the potential isolation and diagnosis of the symptoms of incoming faults. The article also gives a structure of an on-line test and monitoring system prototype, based on the legacy on-line test system, as well as developed a basic information gathering route and a multi-variant test based anomaly detection method. A fault injection based simulation experiment was formed to validate the performance of the system and method under consideration. The results shows that the proposed method has a solid mathematics fundamental and the advantages as well as good performance, worth to be spread.

473

Based on the Fractal Technology of Harmonic Detection Method in Power System

Authors: Yan Hong Li, Tian Dong Yu, Shu Liang Li

Abstract: The harmonic pollution is one of the serious problems which impact on power system security and stability. With the development of power electronic technology, harmonic problems become increasingly prominent. Harmonic detection is an important content in the harmonic problems, is the base to solve the problem of harmonic. The harmonic of power system have characteristics of random and nonstationary, not easy to detect, in recent years, a variety of detection methods emerge in an endless stream, this paper introduces a technique of detecting harmonics in power system by using fractal method, this method by calculating the dynamic waveform grid fractal dimension, setting threshold value, and determines the waveform distortion occurring time. After the theoretical analysis and practical measurement, this method can be effectively used on harmonic detection and can meet the requirements in speed and accuracy.

1593