Effective intrusion type identification with edit distance for HMM-based anomaly detection system

Ja Min Koo; Sung Bae Cho

doi:10.1007/11590316_30

Effective intrusion type identification with edit distance for HMM-based anomaly detection system

Ja Min Koo, Sung Bae Cho

College of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

As computer security becomes important, various system security mechanisms have been developed. Especially anomaly detection using hidden Markov model has been actively exploited. However, it can only detect abnormal behaviors under predefined threshold, and it cannot identify the type of intrusions. This paper aims to identify the type of intrusions by analyzing the state sequences using Viterbi algorithm and calculating the distance between the standard state sequence of each intrusion type and the current state sequence. Because the state sequences are not always extracted consistently due to environmental factors, edit distance is utilized to measure the distance effectively. Experimental results with buffer overflow attacks show that it identifies the type of intrusions well with inconsistent state sequences.

Original language	English
Title of host publication	Pattern Recognition and Machine Intelligence - First International Conference, PReMI 2005, Proceedings
Pages	222-228
Number of pages	7
DOIs	https://doi.org/10.1007/11590316_30
Publication status	Published - 2005
Event	1st International Conference on Pattern Recognition and Machine Intelligence, PReMI 2005 - Kolkata, India Duration: 2005 Dec 20 → 2005 Dec 22

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	3776 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	1st International Conference on Pattern Recognition and Machine Intelligence, PReMI 2005
Country/Territory	India
City	Kolkata
Period	05/12/20 → 05/12/22

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/11590316_30

Cite this

Koo, J. M., & Cho, S. B. (2005). Effective intrusion type identification with edit distance for HMM-based anomaly detection system. In Pattern Recognition and Machine Intelligence - First International Conference, PReMI 2005, Proceedings (pp. 222-228). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3776 LNCS). https://doi.org/10.1007/11590316_30

Koo, Ja Min ; Cho, Sung Bae. / Effective intrusion type identification with edit distance for HMM-based anomaly detection system. Pattern Recognition and Machine Intelligence - First International Conference, PReMI 2005, Proceedings. 2005. pp. 222-228 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{05fe5d5810fb49029423261b15ce755b,

title = "Effective intrusion type identification with edit distance for HMM-based anomaly detection system",

abstract = "As computer security becomes important, various system security mechanisms have been developed. Especially anomaly detection using hidden Markov model has been actively exploited. However, it can only detect abnormal behaviors under predefined threshold, and it cannot identify the type of intrusions. This paper aims to identify the type of intrusions by analyzing the state sequences using Viterbi algorithm and calculating the distance between the standard state sequence of each intrusion type and the current state sequence. Because the state sequences are not always extracted consistently due to environmental factors, edit distance is utilized to measure the distance effectively. Experimental results with buffer overflow attacks show that it identifies the type of intrusions well with inconsistent state sequences.",

author = "Koo, {Ja Min} and Cho, {Sung Bae}",

year = "2005",

doi = "10.1007/11590316_30",

language = "English",

isbn = "3540305068",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "222--228",

booktitle = "Pattern Recognition and Machine Intelligence - First International Conference, PReMI 2005, Proceedings",

note = "1st International Conference on Pattern Recognition and Machine Intelligence, PReMI 2005 ; Conference date: 20-12-2005 Through 22-12-2005",

}

Koo, JM & Cho, SB 2005, Effective intrusion type identification with edit distance for HMM-based anomaly detection system. in Pattern Recognition and Machine Intelligence - First International Conference, PReMI 2005, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 3776 LNCS, pp. 222-228, 1st International Conference on Pattern Recognition and Machine Intelligence, PReMI 2005, Kolkata, India, 05/12/20. https://doi.org/10.1007/11590316_30

Effective intrusion type identification with edit distance for HMM-based anomaly detection system. / Koo, Ja Min; Cho, Sung Bae.
Pattern Recognition and Machine Intelligence - First International Conference, PReMI 2005, Proceedings. 2005. p. 222-228 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3776 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Effective intrusion type identification with edit distance for HMM-based anomaly detection system

AU - Koo, Ja Min

AU - Cho, Sung Bae

PY - 2005

Y1 - 2005

N2 - As computer security becomes important, various system security mechanisms have been developed. Especially anomaly detection using hidden Markov model has been actively exploited. However, it can only detect abnormal behaviors under predefined threshold, and it cannot identify the type of intrusions. This paper aims to identify the type of intrusions by analyzing the state sequences using Viterbi algorithm and calculating the distance between the standard state sequence of each intrusion type and the current state sequence. Because the state sequences are not always extracted consistently due to environmental factors, edit distance is utilized to measure the distance effectively. Experimental results with buffer overflow attacks show that it identifies the type of intrusions well with inconsistent state sequences.

AB - As computer security becomes important, various system security mechanisms have been developed. Especially anomaly detection using hidden Markov model has been actively exploited. However, it can only detect abnormal behaviors under predefined threshold, and it cannot identify the type of intrusions. This paper aims to identify the type of intrusions by analyzing the state sequences using Viterbi algorithm and calculating the distance between the standard state sequence of each intrusion type and the current state sequence. Because the state sequences are not always extracted consistently due to environmental factors, edit distance is utilized to measure the distance effectively. Experimental results with buffer overflow attacks show that it identifies the type of intrusions well with inconsistent state sequences.

UR - http://www.scopus.com/inward/record.url?scp=33646726579&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33646726579&partnerID=8YFLogxK

U2 - 10.1007/11590316_30

DO - 10.1007/11590316_30

M3 - Conference contribution

AN - SCOPUS:33646726579

SN - 3540305068

SN - 9783540305064

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 222

EP - 228

BT - Pattern Recognition and Machine Intelligence - First International Conference, PReMI 2005, Proceedings

T2 - 1st International Conference on Pattern Recognition and Machine Intelligence, PReMI 2005

Y2 - 20 December 2005 through 22 December 2005

ER -

Koo JM, Cho SB. Effective intrusion type identification with edit distance for HMM-based anomaly detection system. In Pattern Recognition and Machine Intelligence - First International Conference, PReMI 2005, Proceedings. 2005. p. 222-228. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/11590316_30

Effective intrusion type identification with edit distance for HMM-based anomaly detection system

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this