Detection and Classification of Network Intrusions using Hidden Markov Models

Loading...
Thumbnail Image

Files

MS_2003-1.pdf (711.12 KB)
No. of downloads: 2505

Publication or External Link

Date

2003

Citation

DRUM DOI

Abstract

With the increased use of networked computers for criticalsystems, network security is attracting increasing attention andcomputer network intrusions have become a significant threat tocommunication and computer networks in recent years.

The models developed in this thesis represent the first step inmodelling of network attacks. The thesis demonstrates that modelsthat represent network attacks can be developed and used for bothdetection and classification. In this thesis we put emphasis ondetection and classification of network intrusions and attacksusing Hidden Markov Models and training on anomalous sequences. Wetest several algorithms, apply different rules for classificationand evaluate the relative performance of these. We put emphasis onone particular classification algorithm that is not dependent ondata set properties. Several of the attack examples presentedexploit buffer overflow vulnerabilities, due to availability ofdata for such attacks. We demonstrate that models for otherattacks can be built following our methods but could not be testeddue to lack of data.

The new method proposed in this thesis is highly efficient andcaptures characteristic features of attacks in short period of timeusing very low number of sequences.

Notes

Rights