Effective Anomaly Detection Using Hidden-Semi Markov Model

Abstract

Anomaly detection studies the normal behavior of the monitored system and then looks out for any difference in it to detect anomalies or attacks. It is able to detect new attacks as any attack is assumed to be different from normal activity. It sometimes sets false alarms because it erroneously classifies the normal user behaviors as attacks.Different techniques have been used for anomaly detector generation.In this paper, we would like to propose Hidden-Semi Markov Model (HSMM) as it is introduced in intrusion detection for several years. Based on this HSMM, an algorithm of anomaly detection is presented in this paper, which computes the distance between the processes monitored by intrusion detection system and the perfect normal processes. In this algorithm, we use the average information entropy (AIE) of fixed-length observed sequence as the anomaly detection metric based on maximum entropy principle (MEP). To improve accuracy, the segmental K-means algorithm is applied as training algorithm for the HSMM. By comparing the accurate rate with the experimental results of previous research, it shows that our method can perform a more accurate detection.