Intrusion detection method based on hierarchical hidden Markov model and variable-length semantic pattern

DUAN Xue-tao1; JIA Chun-fu 1; LIU Chun-bo1

Tongxin xuebao (Jan 2010)

Intrusion detection method based on hierarchical hidden Markov model and variable-length semantic pattern

DUAN Xue-tao1,
JIA Chun-fu 1,
LIU Chun-bo1

Affiliations

DUAN Xue-tao1
JIA Chun-fu 1
LIU Chun-bo1

Journal volume & issue: Vol. 31
pp. 109 – 114

Abstract

Read online

The defects of intrusion detection using fixed-length short system call sequences were analyzed. A method of extracting variable-length short system call sequences, grounded on the function return addresses stored in the process stacks, was proposed. Based on the hierarchical relationship and the state transition characteristics of the variable-length semantic patterns, a hierarchical hidden Markov intrusion detection model was presented. The experimental results show that the hierarchical hidden Markov intrusion detection model is superior to the traditional hidden Markov model.

intrusion detection;hierarchical hidden Markov model;system call;variable-length semantic pattern;process stack

Published in Tongxin xuebao

ISSN: 1000-436X (Print)
Publisher: Editorial Department of Journal on Communications
Country of publisher: China
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering: Telecommunication
Website: http://www.infocomm-journal.com/txxb/EN/1000-436X/home.shtml

About the journal

Abstract

Keywords