Anomaly intrusion detection method based on HMM

被引:80
作者
Qiao, Y [1 ]
Xin, XW
Bin, Y
Ge, S
机构
[1] Xidian Univ, Grad Sch, Xian, Peoples R China
[2] Shenzhen Univ, President Off, Shen Zhen, Peoples R China
来源
ELECTRONICS LETTERS | 2002年 / 38卷 / 13期
关键词
D O I
10.1049/el:20020467
中图分类号
TM [电工技术]; TN [电子技术、通信技术];
学科分类号
0808 ; 0809 ;
摘要
An anomaly intrusion detection method based on HMM is presented, The system call trace of a UNIX privileged process is passed to a HMM to obtain state transition sequences. Preliminary experiments prove the state transition sequences can express the different mode between normal action and intrusion behaviour in a more stable and simple manner.
引用
收藏
页码:663 / 664
页数:2
相关论文
共 3 条
[1]  
Dugad Rakesh, 1996, TUTORIAL HIDDEN MARK
[2]   A sense of self for unix processes [J].
Forrest, S ;
Hofmeyr, SA ;
Somayaji, A ;
Longstaff, TA .
1996 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, PROCEEDINGS, 1996, :120-128
[3]   Detecting intrusions using system calls: Alternative data models [J].
Warrender, C ;
Forrest, S ;
Pearlmutter, B .
PROCEEDINGS OF THE 1999 IEEE SYMPOSIUM ON SECURITY AND PRIVACY, 1999, :133-145
1