A protocol anomaly detection method based on optimized hidden Markov model
- DOI
- 10.2991/icmmcce-15.2015.314How to use a DOI?
- Keywords
- Intrusion detection; protocol anomaly; genetic algorithm; hidden Markov model; parameter optimization
- Abstract
As to solve the issues of insufficient training data and initial parameters sensitive in existing protocol anomaly detection based on hidden Markov model, presenting a new protocol anomaly detection method based on improved genetic algorithm and hidden Markov model. First, the local competitive selection strategy, arithmetic crossover and adaptive non-uniform mutation operator were used to improve the genetic algorithm, in order to avoid the "premature" and "stagnation" problem in traditional genetic algorithm; then, the improved genetic algorithm was recommended to optimize the initial parameters of hidden Markov model to avoid the initial model parameters sensitive issue; and finally, the keyword and keyword interval were taken as training observations, describe the behavior of protocol details to expand the training sample space. Experimental results on DARPA 1999 data set show that the method has a high detection rate and low false alarm rate.
- Copyright
- © 2015, the Authors. Published by Atlantis Press.
- Open Access
- This is an open access article distributed under the CC BY-NC license (http://creativecommons.org/licenses/by-nc/4.0/).
Cite this article
TY - CONF AU - Wei Qiu AU - Yingjie Yang AU - Yongwei Wang AU - Dexian Chang AU - Jiang Liu AU - Hao Hu PY - 2015/12 DA - 2015/12 TI - A protocol anomaly detection method based on optimized hidden Markov model BT - Proceedings of the 4th International Conference on Mechatronics, Materials, Chemistry and Computer Engineering 2015 PB - Atlantis Press SN - 2352-538X UR - https://doi.org/10.2991/icmmcce-15.2015.314 DO - 10.2991/icmmcce-15.2015.314 ID - Qiu2015/12 ER -