Efficient anomaly detection by modeling privilege flows using hidden Markov model

Sung Bae Cho, Hyuk Jang Park

Research output: Contribution to journalArticlepeer-review

125 Citations (Scopus)


Anomaly detection techniques have been devised to address the limitations of misuse detection approaches for intrusion detection with the model of normal behaviors. A hidden Markov model (HMM) is a useful tool to model sequence information, an optimal modeling technique to minimize false-positive error while maximizing detection rate. In spite of high performance, however, it requires large amounts of time to model normal behaviors and determine intrusions, making it difficult to detect intrusions in real-time. This paper proposes an effective HMM-based intrusion detection system that improves the modeling time and performance by only considering the privilege transition flows based on the domain knowledge of attacks. Experimental results show that training with the proposed method is significantly faster than the conventional method trained with all data, without loss of detection performance.

Original languageEnglish
Pages (from-to)45-55
Number of pages11
JournalComputers and Security
Issue number1
Publication statusPublished - 2003

Bibliographical note

Funding Information:
This paper was supported by a grant from the Ministry of Information and Communication in Korea.

All Science Journal Classification (ASJC) codes

  • Computer Science(all)
  • Law


Dive into the research topics of 'Efficient anomaly detection by modeling privilege flows using hidden Markov model'. Together they form a unique fingerprint.

Cite this