Summary

International Technical Conference on Circuits/Systems, Computers and Communications

2008

Session Number:C3

Number:C3-5

Anomaly Detection based on Probabilistic Properties of Hidden Markov Models

Eunyoung Lee, Chan-Kyu Han, Hyoung-Kee Choi

Publication Date:2008/7/7

Online ISSN:2188-5079

DOI:10.34385/proc.39.C3-5

Summary:
Due to the increasing use of the Internet, attacks over networks are increasing as well. Therefore, network anomaly detection and schemes for measuring network state need to be studied. In this research, we propose a scheme for anomaly detection based on the traffic behavior of Hidden Markov Models. The proposed scheme detects anomalies in traffic using a time series. We decide whether or not a detected anomaly is a network anomaly via an anomaly decision process using Hidden Markov Models. These processes are implemented in the Perl programming language, and decisions are made using a real-world trace containing de facto attacks. Although the results are not clear-cut, we conclude that this does not invalidate the study, because the result is caused by an insufficient learning process using real-world traffic. On the contrary, assuming real-world states increases the ability to detect and make decisions about attacks, because the manager is involved in decisions about access or application. We expect that this research will be applicable to determining the real-time state of networks and to the detection and classification of new types of attack from networks.