Title
Network anomaly detection by continuous hidden markov models: An evolutionary programming approach
Abstract
Information security is an important and growing need. The most common schemes used for detection systems are pattern- or signature-based and anomaly-based. Anomaly-based schemes use a set of metrics that outline the normal system behavior; any significant deviation from the established profile is treated as an anomaly. This paper contributes an anomaly-based scheme that monitors the bandwidth consumption of a subnetwork at the Universidad Michoacana, in Mexico. A normal-behavior model is built from the bandwidth consumption of the subnetwork. The presence of an anomaly indicates that something is misusing the network: viruses, worms, denial of service, or any other kind of attack. This work also presents a scheme for automatic architecture design and parameter optimization of Hidden Markov Models (HMMs), based on Evolutionary Programming (EP). The variables used by the HMMs are the inbound and outbound bandwidth consumption of the network, and the time at which the network activity occurs. The system was tested with univariate and bivariate observation sequences to analyze and detect anomalous behavior. The HMMs designed and trained by EP were compared against semi-random HMMs trained by the Baum-Welch algorithm. In a second experiment, the HMMs designed and trained by EP were compared against HMMs created by an expert user. The EP-designed HMMs outperformed the other methods in all cases. Finally, we made the HMMs time-aware by including time as another variable. This inclusion made the HMMs capable of detecting activity patterns that are normal during one period of time but anomalous at other times. For instance, a heavy load on the network may be completely normal during working hours, but anomalous at night or on weekends.
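The detection scheme the abstract describes, carried through end to end as an added example (this is not the paper's code and does not reproduce its EP architecture search): a continuous HMM with diagonal-Gaussian emissions over bivariate (bandwidth, time) observations is trained with Baum-Welch on a normal profile, and a traffic window is flagged when its likelihood under the model falls below anything the normal profile produced. Everything below the class is assumed for illustration: hourly samples of (Mbit/s, hour-of-day), a constructed "normal" week with heavy load 08:00 to 18:59, a fixed two-state model, six-sample windows, and a threshold set at the lowest score any normal window reached. Pure Python, no dependencies.

```python
"""Diagonal-Gaussian HMM trained with Baum-Welch on hourly (Mbit/s, hour-of-day)
samples, then used to score traffic windows.  Added example, not the paper's code: the
sample layout, the 2-state model, the start distribution and the threshold are assumptions."""
import math
import random

FLOOR = 1e-300     # keeps a scaled forward row from becoming all zeros
VAR_FLOOR = 1e-3   # stops a state's variance collapsing onto one sample


def gauss(x, mu, var):
    # Diagonal-Gaussian density of vector x given per-dimension means/variances.
    p = 1.0
    for xi, m, v in zip(x, mu, var):
        p *= math.exp(-(xi - m) ** 2 / (2 * v)) / math.sqrt(2 * math.pi * v)
    return max(p, FLOOR)


class GaussianHMM:
    def __init__(self, n_states, obs):
        """Uniform pi and A; state k's Gaussian is seeded from the k-th slice of the data
        ranked by dimension 0 (Mbit/s), which separates light load from heavy load."""
        self.n, self.d = n_states, len(obs[0])
        self.pi = [1.0 / n_states] * n_states
        self.A = [[1.0 / n_states] * n_states for _ in range(n_states)]
        ranked, chunk = sorted(obs, key=lambda o: o[0]), len(obs) // n_states
        self.mu, self.var = [], []
        for k in range(n_states):
            cols = list(zip(*ranked[k * chunk:(k + 1) * chunk]))
            means = [sum(c) / len(c) for c in cols]
            self.mu.append(means)
            self.var.append([max(sum((x - m) ** 2 for x in c) / len(c), VAR_FLOOR)
                             for c, m in zip(cols, means)])

    def _forward(self, obs):
        """Scaled forward pass (Rabiner): emission table, scaled alphas, scale factors."""
        n = self.n
        B = [[gauss(o, self.mu[j], self.var[j]) for j in range(n)] for o in obs]
        alpha, scale = [], []
        for t, b in enumerate(B):
            prev = self.pi if t == 0 else [
                sum(alpha[-1][i] * self.A[i][j] for i in range(n)) for j in range(n)]
            row = [b[j] * prev[j] for j in range(n)]
            scale.append(1.0 / sum(row))
            alpha.append([a * scale[-1] for a in row])
        return B, alpha, scale

    def log_likelihood(self, obs):
        return -sum(math.log(c) for c in self._forward(obs)[2])

    def fit(self, obs, iters=25):
        """Baum-Welch re-estimation; returns the training log-likelihood before each pass."""
        n, T, history = self.n, len(obs), []
        for _ in range(iters):
            B, alpha, scale = self._forward(obs)
            history.append(-sum(math.log(c) for c in scale))
            beta = [[scale[T - 1]] * n]                            # scaled backward pass
            for t in range(T - 2, -1, -1):
                beta.insert(0, [scale[t] * sum(self.A[i][j] * B[t + 1][j] * beta[0][j]
                                               for j in range(n)) for i in range(n)])
            gamma = [[alpha[t][i] * beta[t][i] for i in range(n)] for t in range(T)]
            gamma = [[g / sum(row) for g in row] for row in gamma]  # state posteriors
            for i in range(n):                                      # M-step
                occ = sum(gamma[t][i] for t in range(T - 1))
                self.A[i] = [sum(alpha[t][i] * self.A[i][j] * B[t + 1][j] * beta[t + 1][j]
                                 for t in range(T - 1)) / occ for j in range(n)]
                w = sum(gamma[t][i] for t in range(T))
                for j in range(self.d):
                    m = sum(gamma[t][i] * obs[t][j] for t in range(T)) / w
                    v = sum(gamma[t][i] * (obs[t][j] - m) ** 2 for t in range(T)) / w
                    self.mu[i][j], self.var[i][j] = m, max(v, VAR_FLOOR)
            # Scored windows are cut from a running stream: start them from state occupancy.
            self.pi = [sum(gamma[t][i] for t in range(T)) / T for i in range(n)]
        return history


def constructed_week(seed=7):
    """Constructed (Mbit/s, hour) samples, one normal week: heavy 08:00-18:59, light otherwise."""
    rng, samples = random.Random(seed), []
    for hour in [h for _day in range(7) for h in range(24)]:
        mbps = rng.gauss(80, 10) if 8 <= hour < 19 else rng.gauss(10, 3)
        samples.append((max(mbps, 0.0), float(hour)))
    return samples


def score(model, window):
    # Per-sample average log-likelihood; lower means less like the normal profile.
    return model.log_likelihood(window) / len(window)


def build_detector(seed=7, window=6):
    """Train on the normal week; threshold = lowest score any normal window reached."""
    train = constructed_week(seed)
    model = GaussianHMM(2, train)
    history = model.fit(train)
    lowest = min(score(model, train[s:s + window]) for s in range(len(train) - window + 1))
    return model, lowest, history


def is_anomalous(model, threshold, window):
    return score(model, window) < threshold


# Constructed probes: the same 85 Mbit/s load at 10:00-15:00 and at 01:00-06:00.
DAY_HEAVY = [(85.0, float(h)) for h in range(10, 16)]
NIGHT_HEAVY = [(85.0, float(h)) for h in range(1, 7)]
```

Calling `build_detector()` and then `is_anomalous(model, threshold, DAY_HEAVY)` and `is_anomalous(model, threshold, NIGHT_HEAVY)` gives the time-aware behaviour the abstract describes: the identical load is normal in the afternoon and anomalous in the early hours, because the only state that can explain 85 Mbit/s has a daytime time-of-day distribution. Two design points a practitioner will want to keep in mind: windows are scored with the start distribution set to the state occupancy rather than to the first sample of the training sequence, since a window taken from a live stream can begin in any state; and hour-of-day is fed in as a plain Gaussian feature here, which does not wrap at midnight (23:00 and 00:00 sit far apart), so a production model would want a circular encoding such as (sin, cos) of the hour or a discrete time-slot variable.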
Year: 2015
DOI: 10.3233/IDA-150722
Venue: Intell. Data Anal.
Keywords: HMMs, evolutionary programming, genetic algorithms, anomaly detection, Baum-Welch
Field: Anomaly detection, Data mining, Denial-of-service attack, Computer science, Artificial intelligence, Evolutionary programming, Genetic algorithm, Pattern recognition, Bandwidth (signal processing), Hidden Markov model, Baum–Welch algorithm, Subnetwork, Machine learning
DocType: Journal
Volume: 19
Issue: 2
ISSN: 1088-467X
Citations: 0
PageRank: 0.34
References: 20

Authors (4)
Order  Name                 Citations / PageRank (the two figures are run together in the extracted record)
1      Juan J. Flores       4513.57
2      Félix Calderón       296.17
3      Anastacio Antolino   00.34
4      Juan M. Garcia       00.34