An unsupervised anomaly detection approach using subtractive clustering and Hidden Markov Model

Cited by: 0
Authors
Yang, Chun [1]
Deng, Feiqi [1]
Yang, Haidong [1]
Affiliation
[1] S China Univ Technol, Coll Automat Sci & Engn, Guangzhou 510640, Guangdong, Peoples R China
Source
2007 SECOND INTERNATIONAL CONFERENCE IN COMMUNICATIONS AND NETWORKING IN CHINA, VOLS 1 AND 2 | 2007
Keywords
subtractive clustering; Hidden Markov Model; feature selection; intrusion detection;
DOI
Not available
Chinese Library Classification
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Previous research in network intrusion detection systems (NIDS) has typically used misuse detection or supervised anomaly detection techniques. These techniques have difficulty detecting new types of attacks or cause high false positives in real network environments. Unsupervised anomaly detection can overcome the drawbacks of misuse detection and supervised anomaly detection. In this paper, normal-anomaly patterns are built over the network traffic dataset using subtractive clustering, and at the same time the built Hidden Markov Model (HMM) correlates the observation sequences and state transitions to predict the most probable intrusion state sequences. The proposed unsupervised anomaly detection approach is capable of reducing false positives by classifying intrusion sequences into different emergency levels. The experimental results are also reported using the KDDCup'99 dataset and Matlab.
Pages: 123-126
Number of pages: 4