Journal
JOURNAL OF NETWORK AND COMPUTER APPLICATIONS
Volume 32, Issue 6, Pages 1219-1228Publisher
ACADEMIC PRESS LTD- ELSEVIER SCIENCE LTD
DOI: 10.1016/j.jnca.2009.05.004
Keywords
Anomaly intrusion detection; Fuzzy logic; Program intrusion detection; Hidden Markov model; Multiple detection engines
Categories
Funding
- ARC (Australia Research Council) [LP0455324, DP0985838]
- National Foundation for Science and Technology Development (NAFOSTED) of Vietnam
- Australian Research Council [LP0455324] Funding Source: Australian Research Council
Ask authors/readers for more resources
In this paper, a hybrid anomaly intrusion detection scheme using program system calls is proposed. In this scheme, a hidden Markov model (HMM) detection engine and a normal database detection engine have been combined to utilise their respective advantages. A fuzzy-based inference mechanism is used to infer a soft boundary between anomalous and normal behaviour, which is otherwise very difficult to determine when they overlap or are very close. To address the challenging issue of high cost in HMM training, an incremental HMM training with optimal initialization of HMM parameters is suggested. Experimental results show that the proposed fuzzy-based detection scheme can reduce false positive alarms by 48%, compared to the single normal database detection scheme. Our HMM incremental training with the optimal initialization produced a significant improvement in terms of training time and storage as well. The HMM training time was reduced by four times and the memory requirement was also reduced significantly (C) 2009 Elsevier Ltd. All rights reserved
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available
Share Paper
