A New Anomaly Detection Method Based on Hierarchical HMM
The state transition, which is hidden in the hidden Markov model (HMM), can be used to characterize the intrinsic difference between normal action and intrusion behavior. So HMM is an efficient way to detect anomalies. In this paper, a new anomaly detection method based on a hierarchical HMM is proposed based on the concept of normal database and abnormal database. It is shown by analysis and simulation results that the proposed method is effective to increase the accuracy of anomaly detection.
Anomaly detection hidden Markov model (HMM) intrusion detection system (IDS)
Xiaoqiang Zhang Pingzhi Fan Zhongliang Zhu
School of Computer and Communications Enginerring, Southwest Jiaotong University Chengdu 610031, China
国际会议
成都
英文
249-252
2003-08-27(万方平台首次上网日期,不代表论文的发表时间)