Sciweavers

HICSS
2003
IEEE

Applications of Hidden Markov Models to Detecting Multi-Stage Network Attacks

14 years 4 months ago
Applications of Hidden Markov Models to Detecting Multi-Stage Network Attacks
This paper describes a novel approach using Hidden Markov Models (HMM) to detect complex Internet attacks. These attacks consist of several steps that may occur over an extended period of time. Within each step, specific actions may be interchangeable. A perpetrator may deliberately use a choice of actions within a step to mask the intrusion. In other cases, alternate action sequences may be random (due to noise) or because of lack of experience on the part of the perpetrator. For an intrusion detection system to be effective against complex Internet attacks, it must be capable of dealing with the ambiguities described above. We describe research results concerning the use of HMMs as a defense against complex Internet attacks. We describe why HMMs are particularly useful when there is an order to the actions constituting the attack (that is, for the case where one action must precede or follow another action in order to be effective). Because of this property, we show that HMMs are wel...
Dirk Ourston, Sara Matzner, William Stump, Bryan H
Added 04 Jul 2010
Updated 04 Jul 2010
Type Conference
Year 2003
Where HICSS
Authors Dirk Ourston, Sara Matzner, William Stump, Bryan Hopkins
Comments (0)