On-line Adaptive IDS Scheme for Detecting Unknown Network Attacks Using HMM Models

Abstract

An important problem in designing IDS schemes is finding an optimal trade-off between a good detection rate and a low false alarm rate. Specifically, in order to detect unknown network attacks, existing IDS schemes use anomaly detection, which introduces a high false alarm rate. In this thesis we propose an IDS scheme based on the overall behavior of the network. We capture that behavior with probabilistic models (HMMs) and use only limited logical information about attacks. Once we set the detection rate to be high, we filter out false positives through successive stages. The key idea is to use probabilistic models so that an unknown attack can be detected, as well as a variation of a previously known attack. The scheme is adaptive and operates in real time. A simulation study showed that we can achieve perfect detection of both known and unknown attacks while maintaining a very low false alarm rate.

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 2005
Accession Number
ADA438746

Entities

People

  • Irena Bojanic

Organizations

  • University of Maryland

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Computational Science
  • Computer Programs
  • Computers
  • Denial Of Service Attack
  • Detection
  • Engineering
  • False Alarms
  • Hidden Markov Models
  • Intrusion Detection
  • Intrusion Detection Systems
  • Intrusion Detectors
  • Law
  • Operating Systems
  • Probabilistic Models
  • Probability
  • Probability Distributions
  • Simulations

Fields of Study

  • Computer science

Readers

  • Neural Network Machine Learning.
  • Sensor Fusion and Tracking Systems.