Detection and Classification of Network Intrusions Using Hidden Markov Models
Abstract
With the increased use of networked computers for critical systems, network security is attracting increasing attention, and computer network intrusions have become a significant threat to communication and computer networks in recent years. The models developed in this thesis represent the first step in the modeling of network attacks. The thesis demonstrates that models that represent network attacks can be developed and used for both detection and classification. In this thesis, the author focuses on detection and classification of network intrusions and attacks using Hidden Markov Models and training on anomalous sequences. She tests several algorithms, applies different rules for classification, and then evaluates their relative performance. She emphasizes one particular classification algorithm that is not dependent on data set properties. Several of the attack examples presented exploit buffer overflow vulnerabilities. The author demonstrates that models for other attacks can be built following these methods, but these could not be tested due to lack of data. The method proposed in this thesis is highly efficient; it captures characteristic features of attacks in a short period of time using a very low number of sequences.
Document Details
- Document Type: Technical Report
- Publication Date: Jan 01, 2002
- Accession Number: ADA438667
Entities
People
- Svetlana Radosavac
Organizations
- University of Maryland