Anomaly Intrusion Detection System Using Hierarchical Gaussian Mixture Model

Intrusion Detection Systems have been widely used to overcome security threats in computer networks and to identify unauthorized use, misuse, and abuse of computer systems. Anomaly-based approaches in Intrusion Detection Systems have the advantage of being able to detect unknown attacks; they look for patterns that deviate from the normal behavior. In this paper we proposed Hierarchical Gaussian Mixture Model (HGMM) a novel type of Gaussian Mixture which detects network based attacks as anomalies using statistical preprocessing classification. This method learns patterns of normal and intrusive activities to classify that use a set of Gaussian probability distribution functions. The use of Maximum likelihood in detection phase has used the deviation between current and reference behavior. HGMM is evaluated by dataset KDD99 without any special hardware requirements. We compare it with six classification techniques; Gaussian Mixture, Radial Basis Function, Binary Tree Classifier, SOM, ART and LAMSTAR to verify its feasibility and effectiveness. Experimental results show that this method is able to reducing the missing alarm, and can accurately predict probable attack behavior in IDS.