A new intrusion detection method based on Fuzzy HMM

Yongzhong Li, Yang Ge, Xueyan Jing, Zhao Bo
Published in: 2008 3rd IEEE Conference on Industrial Electronics and Applications, 2008-06-03

DOI: 10.1109/ICIEA.2008.4582476 (https://doi.org/10.1109/ICIEA.2008.4582476)
Citations: 33

Abstract

Because of its excellent performance, the HMM (Hidden Markov Model) has been widely used in pattern recognition. In recent years, the HMM has also been applied to intrusion detection. The intrusion detection method based on the HMM is more efficient than other methods. Because of the high false alarm rate of the classical HMM-based IDS, this paper proposes a fuzzy approach to Hidden Markov Models, called Fuzzy Hidden Markov Models (FHMM). The approach incorporates fuzzy logic. The system has the simplicity and flexibility to adapt to pattern changes. With an IDS based on FHMM, the robustness and accuracy of the detection model are greatly improved. For these reasons, a new intrusion detection method based on FHMM is proposed in this paper. The proposed method differs from STIDE in that only one profile is created for the normal behavior of all applications, using short sequences of system calls issued by normal runs of the programs. Subsequently, an HMM with simple states, along with STIDE, is used to categorize an unknown program's sequence of system calls as either normal or an intrusion. Results on the 1998 DARPA data show that our method achieves a low false positive rate with a high detection rate.