Title
Multi-Layer Hidden Markov Model Based Intrusion Detection System
Abstract
The all-IP nature of next-generation (5G) networks is going to open a lot of doors for new vulnerabilities, and preventing the risks associated with them is going to be challenging. The majority of these vulnerabilities might be impossible to detect with simple network traffic monitoring tools. Intrusion Detection Systems (IDS) which rely on machine learning and artificial intelligence can significantly improve network defense against intruders. This technology can be trained to learn and identify uncommon patterns in massive volumes of traffic and to notify system administrators, for example using alert flags, for additional investigation. This paper proposes an IDS design which makes use of machine learning algorithms such as the Hidden Markov Model (HMM) using a multi-layer approach. This approach has been developed and verified to resolve the common flaws in the application of HMM to IDS, commonly referred to as the curse of dimensionality. It factors a huge problem of immense dimensionality into a discrete set of manageable and reliable elements. The multi-layer approach can be expanded beyond 2 layers to capture multi-phase attacks over longer spans of time. A pyramid of HMMs can resolve disparate digital events and signatures across protocols and platforms into actionable information, where lower layers identify discrete events (such as a network scan) and higher layers identify new states which are the result of multi-phase events of the lower layers. The concepts of this novel approach have been developed but the full potential has not been demonstrated.
Year
2019
DOI
10.3390/make1010017
Venue
MACHINE LEARNING AND KNOWLEDGE EXTRACTION
Keywords
Intrusion Detection System (IDS), Hidden Markov Model (HMM), multi-stage attacks
DocType
Journal
Volume
1
Issue
1
Citations
2
PageRank
0.47
References
0
Authors
3
Name | Order | Citations | PageRank
Wondimu K. Zegeye | 1 | 2 | 1.48
Richard Dean | 2 | 2 | 0.81
Farzad Moazzami | 3 | 2 | 1.14