A Program-Based Anomaly Intrusion Detection Scheme Using Multiple Detection Engines and Fuzzy Inference

Executive Summary

In this paper, a hybrid anomaly intrusion detection scheme using program system calls is proposed. In this scheme, a Hidden Markov Model (HMM) detection engine and a normal database detection engine have been combined to utilize their respective advantages. A fuzzy-based inference mechanism is used to infer a soft boundary between anomalous and normal behavior, which is otherwise very difficult to determine when they overlap or are very close. To address the challenging issue of high cost in HMM training, an incremental HMM training with optimal initialization of HMM parameters is suggested. Experimental results show that the proposed fuzzy-based detection scheme can reduce false positive alarms by 48%, compared to the single normal database detection scheme.