Combining incremental hidden Markov model and Adaboost algorithm for anomaly intrusion detection

Yu Shu Chen, Yi Ming Chen

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, peer-reviewed

21 Citations (Scopus)

Abstract

The traditional Hidden Markov Model (HMM) has been successfully applied to anomaly intrusion detection. Incremental HMM (IHMM) further improves the training time of HMM. However, both HMM and IHMM still suffer from a high false positive rate. In this paper, we propose Adaboost-IHMM, which combines IHMM and AdaBoost for anomaly intrusion detection. Because AdaBoost first uses many IHMMs to collectively classify samples and then decides each sample's classification, Adaboost-IHMM can improve classification accuracy. Experimental results with Stide datasets show that the proposed method can significantly improve the false positive rate by 70% without decreasing the detection rate. In addition, we propose a method to adjust the normal profile to avoid erroneous detection caused by changes in normal behavior. We perform experiments with realistic datasets extracted from the use of popular browsers. Compared with the traditional HMM method, our method can improve the training time needed to build a new normal profile by 90%.

Original language: English
Title of host publication: Proceedings of the ACM SIGKDD Workshop on CyberSecurity and Intelligence Informatics, CSI-KDD in Conjunction with SIGKDD'09
Pages: 3-9
Number of pages: 7
Publication status: Published - 2009
Event: ACM SIGKDD Workshop on CyberSecurity and Intelligence Informatics, CSI-KDD in Conjunction with SIGKDD'09 - Paris, France
Duration: 28 Jun 2009 to 28 Jun 2009

Publication series

Name: Proceedings of the ACM SIGKDD Workshop on CyberSecurity and Intelligence Informatics, CSI-KDD in Conjunction with SIGKDD'09

Conference

Conference: ACM SIGKDD Workshop on CyberSecurity and Intelligence Informatics, CSI-KDD in Conjunction with SIGKDD'09
Country/Territory: France
City: Paris
Period: 28/06/09 to 28/06/09
