AA-HMM: An Anti-Adversarial Hidden Markov Model for Network-Based Intrusion Detection

Chongya Song; Alexander Pons; Kang Yen

doi:10.3390/app8122421

Applied Sciences (Nov 2018)

AA-HMM: An Anti-Adversarial Hidden Markov Model for Network-Based Intrusion Detection

Chongya Song,
Alexander Pons,
Kang Yen

Affiliations

Chongya Song: Department of Electrical and Computer Engineering, Florida International University, Miami, FL 33174, USA
Alexander Pons: Department of Electrical and Computer Engineering, Florida International University, Miami, FL 33174, USA
Kang Yen: Department of Electrical and Computer Engineering, Florida International University, Miami, FL 33174, USA

DOI: https://doi.org/10.3390/app8122421
Journal volume & issue: Vol. 8, no. 12
p. 2421

Abstract

Read online

In the field of network intrusion, malware usually evades anomaly detection by disguising malicious behavior as legitimate access. Therefore, detecting these attacks from network traffic has become a challenge in this an adversarial setting. In this paper, an enhanced Hidden Markov Model, called the Anti-Adversarial Hidden Markov Model (AA-HMM), is proposed to effectively detect evasion pattern, using the Dynamic Window and Threshold techniques to achieve adaptive, anti-adversarial, and online-learning abilities. In addition, a concept called Pattern Entropy is defined and acts as the foundation of AA-HMM. We evaluate the effectiveness of our approach employing two well-known benchmark data sets, NSL-KDD and CTU-13, in terms of the common performance metrics and the algorithm’s adaptation and anti-adversary abilities.

Published in Applied Sciences

ISSN: 2076-3417 (Online)
Publisher: MDPI AG
Country of publisher: Switzerland
LCC subjects: Technology: Engineering (General). Civil engineering (General); Science: Biology (General); Science: Physics; Science: Chemistry
Website: http://www.mdpi.com/journal/applsci

About the journal

Abstract

Keywords