Detection and Classification of Network Intrusions using Hidden Markov Models

dc.contributor.advisorBaras, John S.en_US
dc.contributor.authorRadosavac, Svetlanaen_US
dc.contributor.authorBaras, John S.en_US
dc.contributor.departmentISRen_US
dc.date.accessioned2007-05-23T10:13:36Z
dc.date.available2007-05-23T10:13:36Z
dc.date.issued2003en_US
dc.description.abstractThis paper demonstrates that it is possible to model attacks witha low number of states and classify them using Hidden MarkovModels with very low False Alarm rate and very few FalseNegatives. We also show that the models developed can be used forboth detection and classification. We put emphasis on detectionand classification of network intrusions and attacks using HiddenMarkov Models and training on anomalous sequences. We test severalalgorithms, apply different rules for classification and evaluatethe relative performance of these. Several of the attack examplespresented exploit buffer overflow vulnerabilities, due toavailability of data for such attacks. We emphasize that thepurpose of our algorithms is not only the detection andclassification of buffer overflows; they are designed fordetecting and classifying a broad range of attacks.en_US
dc.format.extent257683 bytes
dc.format.mimetypeapplication/pdf
dc.identifier.urihttp://hdl.handle.net/1903/6350
dc.language.isoen_USen_US
dc.relation.ispartofseriesISR; TR 2003-6en_US
dc.subjectGlobal Communication Systemsen_US
dc.titleDetection and Classification of Network Intrusions using Hidden Markov Modelsen_US
dc.typeTechnical Reporten_US

Files

Original bundle

Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
TR_2003-6.pdf
Size:
251.64 KB
Format:
Adobe Portable Document Format