The Study of Intrusion Prediction Based on HsMM

IEEE Asia-Pacific Services Computing Conference Pub Date : 1900-01-01 DOI:10.1109/APSCC.2008.107

Zhengdao Zhang, Z. Peng, Zhiping Zhou

{"title":"The Study of Intrusion Prediction Based on HsMM","authors":"Zhengdao Zhang, Z. Peng, Zhiping Zhou","doi":"10.1109/APSCC.2008.107","DOIUrl":null,"url":null,"abstract":"Intrusion detection is an important technique in the defense-in-depth network security framework. The IDS continuously watch the activity on a network or computer, looking for attack and intrusion evidences. However, host-based intrusion detectors are particularly vulnerable, as they can be disabled or tampered by successful intruders. In this paper, a hidden semi-Markov models method for predicting the anomaly events and the intentions of possible intruders to a computer system is developed based on the observation of system call sequences. BSM audit data are used as research data sources. The HsMM structure is redefined to describe the intrusion detection. The time duration of the hidden states is computed by contributing the risk factor of every system call. Then the output probability of current system call sequences are calculated to decide whether the current system behavior is normal and compute the anomaly probability of the subsequent system calls. In the addition, the approximate time when the intrusion has established is estimated. The evaluation of the proposed methodology was carried out through DARPA 1998.The experiment result proves that the proposed method can find the attack attempt in advance to gain the precious time of the active intrusion precaution.","PeriodicalId":437766,"journal":{"name":"IEEE Asia-Pacific Services Computing Conference","volume":"15 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"16","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Asia-Pacific Services Computing Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/APSCC.2008.107","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 16

Abstract

Intrusion detection is an important technique in the defense-in-depth network security framework. The IDS continuously watch the activity on a network or computer, looking for attack and intrusion evidences. However, host-based intrusion detectors are particularly vulnerable, as they can be disabled or tampered by successful intruders. In this paper, a hidden semi-Markov models method for predicting the anomaly events and the intentions of possible intruders to a computer system is developed based on the observation of system call sequences. BSM audit data are used as research data sources. The HsMM structure is redefined to describe the intrusion detection. The time duration of the hidden states is computed by contributing the risk factor of every system call. Then the output probability of current system call sequences are calculated to decide whether the current system behavior is normal and compute the anomaly probability of the subsequent system calls. In the addition, the approximate time when the intrusion has established is estimated. The evaluation of the proposed methodology was carried out through DARPA 1998.The experiment result proves that the proposed method can find the attack attempt in advance to gain the precious time of the active intrusion precaution.

查看原文本刊更多论文

基于HsMM的入侵预测研究

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Asia-Pacific Services Computing Conference

自引率

0.00%

发文量