An Intrusion Detection Based on Markov Model


Article Preview

This paper presents an intrusion detection technique based on anomaly detection and proposes a modeling algorithm that uses training data together with an anomaly detection model. In this technique, a Markov-chain model is built on characteristic patterns, where a characteristic pattern is a subsequence of system calls that satisfies a given support degree. Experiments show that the method achieves a high detection rate and a low false alarm rate, which makes it valuable for intrusion detection.



Advanced Materials Research (Volumes 268-270)

Edited by: Feng Xiong




H. S. Li, "An Intrusion Detection Based on Markov Model", Advanced Materials Research, Vols. 268-270, pp. 988-993, 2011

Online since: July 2011




