Abstract:
Anomaly detection learns the normal behavior of the
monitored system and then flags any deviation from it
as an anomaly or attack. Because every attack is
assumed to differ from normal activity, it can detect
previously unseen attacks; the price is false alarms,
raised when legitimate but unusual user behavior is
misclassified as an attack. Many techniques have been
used to build anomaly detectors. In this paper we
adopt the Hidden Semi-Markov Model (HSMM), which has
been applied to intrusion detection for several years.
Based on the HSMM, we present an anomaly detection
algorithm that measures the distance between the
processes monitored by the intrusion detection system
and a model of perfectly normal processes. The
algorithm uses the average information entropy (AIE)
of a fixed-length observed sequence as the detection
metric, motivated by the maximum entropy principle
(MEP). To improve accuracy, the segmental K-means
algorithm is used to train the HSMM. Comparing our
detection accuracy with the experimental results of
previous work shows that our method detects anomalies
more accurately.
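As an added illustration (this is not the paper's code), the following Python sketch shows how the AIE of a fixed-length observation window can be computed from an HSMM by the forward recursion over explicit state durations, and how it is then thresholded against the scores of windows known to be normal. The two-state toy model, its hand-set parameters, the three-symbol alphabet (open/read/close), the definition AIE = -(1/T) log P(O | model), and the mean-plus-k-sigma threshold rule are all assumptions made here for illustration; segmental K-means training of the HSMM is not shown.

```python
"""Added illustration, not the paper's code: scoring a fixed-length window
of observations with an HSMM via the forward recursion, using the average
information entropy AIE = -(1/T) * log P(O | model) as the anomaly metric."""
import math
from typing import List, Sequence

# Constructed toy HSMM of "normal" behaviour (assumed parameters, not learned).
# Observation alphabet (assumption): 0 = open, 1 = read, 2 = close.
# Hidden states: 0 = "file session", 1 = "teardown".
PI = [1.0, 0.0]                      # initial state distribution
A = [[0.0, 1.0], [1.0, 0.0]]         # state transitions; no self-loops, since
                                     # dwell time is modelled by the durations
B = [[0.40, 0.55, 0.05],             # emission probabilities per state
     [0.05, 0.05, 0.90]]
D_MAX = 4                            # longest explicit segment duration
P_DUR = [[0.1, 0.5, 0.3, 0.1],       # duration pmf p_j(d), d = 1..D_MAX
         [0.7, 0.2, 0.1, 0.0]]


def hsmm_likelihood(obs: Sequence[int]) -> float:
    """P(O | model) by the HSMM forward recursion.

    alpha[t][j] is the probability of o_1..o_t with a segment of state j
    ending exactly at time t. The last segment is assumed to end at T
    (right-censoring is ignored), which is adequate for fixed-length windows.
    """
    T, n = len(obs), len(PI)
    alpha = [[0.0] * n for _ in range(T + 1)]
    for t in range(1, T + 1):
        for j in range(n):
            total = 0.0
            for d in range(1, min(D_MAX, t) + 1):
                p_d = P_DUR[j][d - 1]
                if p_d == 0.0:
                    continue
                # probability that state j emits the segment o_{t-d+1..t}
                emit = 1.0
                for s in range(t - d, t):
                    emit *= B[j][obs[s]]
                # probability of entering state j at the start of the segment
                if t - d == 0:
                    prev = PI[j]
                else:
                    prev = sum(alpha[t - d][i] * A[i][j] for i in range(n))
                total += prev * p_d * emit
            alpha[t][j] = total
    return sum(alpha[T])


def aie(obs: Sequence[int]) -> float:
    """Average information entropy of the window: -(1/T) log P(O | model)."""
    p = hsmm_likelihood(obs)
    return math.inf if p == 0.0 else -math.log(p) / len(obs)


def fixed_length_windows(trace: Sequence[int], length: int) -> List[List[int]]:
    """Slide a fixed-length window over a trace (step 1)."""
    return [list(trace[i:i + length]) for i in range(len(trace) - length + 1)]


def fit_threshold(normal_windows: Sequence[Sequence[int]], k: float = 3.0) -> float:
    """Threshold = mean + k * std of AIE over normal windows (assumed rule)."""
    scores = [aie(w) for w in normal_windows]
    mean = sum(scores) / len(scores)
    var = sum((s - mean) ** 2 for s in scores) / len(scores)
    return mean + k * math.sqrt(var)


def is_anomalous(window: Sequence[int], threshold: float) -> bool:
    """A window whose AIE exceeds the threshold is too far from normal."""
    return aie(window) > threshold


if __name__ == "__main__":
    # Constructed sample windows: normal sessions vs. a burst of bare closes.
    normal = [[0, 1, 2], [1, 1, 2]]
    thr = fit_threshold(normal)
    for w in fixed_length_windows([0, 1, 2, 2, 2], 3):
        print(w, round(aie(w), 4), "ANOMALY" if is_anomalous(w, thr) else "normal")
```

A window of three consecutive closes scores an AIE of about 2.14 nats per symbol against roughly 0.77 to 0.87 for the constructed normal windows, so it lands well above a 3-sigma threshold. In a real deployment the model parameters would come from training (the paper uses segmental K-means), the forward pass would be done in log space to avoid underflow on long windows, and the threshold would be tuned on held-out normal traces to trade detection rate against the false-alarm rate discussed in the abstract.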