Efficient Modeling of Discrete Events for Anomaly Detection Using Hidden Markov Models

  • Conference paper
Information Security (ISC 2005)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3650)

Abstract

Anomaly detection systems are built by learning a baseline model from events captured while a computer system operates under normal conditions; the model is then used to recognize unusual activity as deviation from that baseline. Hidden Markov models (HMMs) are probabilistic finite-state machines that have been used to acquire such baseline models. Although previous research has shown that HMMs can represent complex event sequences effectively, the traditional batch learning algorithm for HMMs is too computationally expensive for real-world anomaly detection systems. This paper describes a novel incremental learning algorithm for HMMs that allows efficient acquisition of anomaly detection models. The new algorithm requires less memory and training time than previous approaches for learning discrete HMMs, and it supports online learning of accurate baseline models from complex computer applications.
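The workflow the abstract describes, as an added example that is not the paper's code: a discrete HMM is learned from constructed "normal" system-call traces, every trace is then scored by its per-event log-likelihood under that model, and a trace scoring well below the worst normal training trace is reported as a deviation from the baseline. Training uses the classical batch Baum-Welch re-estimation with Rabiner's scaled forward and backward passes, i.e. the traditional algorithm the abstract contrasts against, not the incremental algorithm the paper proposes, which this page does not describe. The traces, the seven-symbol event alphabet, the three-state model, the `margin` of 2 nats per event and the random seed are all assumptions made for the illustration.

```python
# Added example (not the paper's code): a discrete-HMM baseline for event-sequence
# anomaly detection, trained with classical batch Baum-Welch (Rabiner's scaled
# forward/backward), NOT the paper's incremental algorithm. All data is constructed.
import math
import random

EPS = 1e-6  # smoothing floor: an event never seen in training keeps a tiny probability
# Constructed "normal" system-call traces of a hypothetical file-copy tool.
NORMAL_TRACES = ["open read write read write close", "open mmap read write close",
                 "open read read write write close", "open read write close",
                 "open mmap read read write close", "open read write read write read write close"]
# Constructed anomalous trace: the same tool suddenly spawns a process and opens a socket.
ATTACK_TRACE = "open read execve socket write socket"
# Assumed fixed event alphabet; every event that can ever be observed needs an index.
ALPHABET = ["open", "read", "write", "close", "mmap", "execve", "socket"]
SYM = {s: i for i, s in enumerate(ALPHABET)}

def encode(trace):
    """Whitespace-separated trace -> list of symbol indices."""
    return [SYM[tok] for tok in trace.split()]

def _row(n, rng):
    """One random stochastic row for the initial model."""
    r = [rng.random() + 0.1 for _ in range(n)]
    return [x / sum(r) for x in r]

def _forward(hmm, obs):
    """Scaled forward pass: (alpha_hat, scale) with prod(scale) == P(obs | hmm)."""
    pi, A, B = hmm
    N, T = len(pi), len(obs)
    alpha, scale = [None] * T, [0.0] * T
    for t in range(T):
        alpha[t] = ([pi[i] * B[i][obs[0]] for i in range(N)] if t == 0 else
                    [B[j][obs[t]] * sum(alpha[t - 1][i] * A[i][j] for i in range(N))
                     for j in range(N)])
        scale[t] = sum(alpha[t]) or EPS
        alpha[t] = [a / scale[t] for a in alpha[t]]
    return alpha, scale

def _backward(hmm, obs, scale):
    """Scaled backward pass reusing the forward scaling factors."""
    _, A, B = hmm
    N, T = len(A), len(obs)
    beta = [None] * T
    beta[T - 1] = [1.0 / scale[T - 1]] * N
    for t in range(T - 2, -1, -1):
        beta[t] = [sum(A[i][j] * B[j][obs[t + 1]] * beta[t + 1][j] for j in range(N))
                   / scale[t] for i in range(N)]
    return beta

def baum_welch(hmm, sequences, iters=30):
    """Batch EM re-estimation; every iteration re-walks the whole training corpus."""
    pi, A, B = hmm
    N, M = len(pi), len(B[0])
    for _ in range(iters):
        pi_acc, a_den, b_den = [0.0] * N, [0.0] * N, [0.0] * N
        a_num = [[0.0] * N for _ in range(N)]
        b_num = [[0.0] * M for _ in range(N)]
        for obs in sequences:
            T = len(obs)
            alpha, scale = _forward((pi, A, B), obs)
            beta = _backward((pi, A, B), obs, scale)
            for t in range(T):
                g = [alpha[t][i] * beta[t][i] for i in range(N)]  # gamma_t, unnormalised
                z = sum(g) or EPS
                for i in range(N):
                    g_i = g[i] / z  # P(state i at time t | obs)
                    pi_acc[i] += g_i if t == 0 else 0.0
                    b_num[i][obs[t]] += g_i
                    b_den[i] += g_i
                    a_den[i] += g_i if t < T - 1 else 0.0
                if t < T - 1:  # xi_t(i, j) = P(transition i -> j at t | obs)
                    xi = [[alpha[t][i] * A[i][j] * B[j][obs[t + 1]] * beta[t + 1][j]
                           for j in range(N)] for i in range(N)]
                    z = sum(map(sum, xi)) or EPS
                    for i in range(N):
                        for j in range(N):
                            a_num[i][j] += xi[i][j] / z
        pi = [(p + EPS) / (len(sequences) + N * EPS) for p in pi_acc]
        A = [[(a_num[i][j] + EPS) / (a_den[i] + N * EPS) for j in range(N)] for i in range(N)]
        B = [[(b_num[i][k] + EPS) / (b_den[i] + M * EPS) for k in range(M)] for i in range(N)]
    return pi, A, B

def score(hmm, trace):
    """Per-event log P(trace | hmm), so traces of different length are comparable."""
    obs = encode(trace)
    return sum(math.log(c) for c in _forward(hmm, obs)[1]) / len(obs)

def build_detector(traces, n_states=3, iters=30, margin=2.0, seed=7):
    """Learn the baseline; threshold = `margin` nats/event below the worst normal trace."""
    rng = random.Random(seed)
    init = (_row(n_states, rng), [_row(n_states, rng) for _ in range(n_states)],
            [_row(len(ALPHABET), rng) for _ in range(n_states)])
    hmm = baum_welch(init, [encode(t) for t in traces], iters)
    return hmm, min(score(hmm, t) for t in traces) - margin

def is_anomalous(hmm, threshold, trace):
    return score(hmm, trace) < threshold
```

`build_detector(NORMAL_TRACES)` returns the model and threshold; `is_anomalous(model, threshold, ATTACK_TRACE)` is True because `execve` and `socket` never occur in the baseline and are left with only the smoothing mass `EPS`. Two practitioner caveats the toy hides: each Baum-Welch iteration re-walks the entire corpus and keeps alpha and beta for every position of every sequence, so memory and time grow with the corpus and the model must be refit from scratch whenever new normal behaviour is collected (that is the cost an incremental estimator targets); and `encode` raises `KeyError` for an event outside the alphabet, so a deployment needs an explicit unknown symbol rather than a crash on the very event most worth flagging.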




© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Florez-Larrahondo, G., Bridges, S.M., Vaughn, R. (2005). Efficient Modeling of Discrete Events for Anomaly Detection Using Hidden Markov Models. In: Zhou, J., Lopez, J., Deng, R.H., Bao, F. (eds) Information Security. ISC 2005. Lecture Notes in Computer Science, vol 3650. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11556992_38


  • DOI: https://doi.org/10.1007/11556992_38

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-29001-8

  • Online ISBN: 978-3-540-31930-6

