A Simple and Efficient Hidden Markov Model Scheme for Host-Based Anomaly Intrusion Detection

Date Added: Aug 2009
Format: PDF

Extensive research has been conducted on network-based Intrusion Detection Systems (IDSs). However, some attacks always penetrate network IDSs that rely on traffic profiling. These attacks often cause very serious damage, such as modification of critical host files. A host-based anomaly IDS is an effective complement to the network IDS in addressing this issue. This paper proposes a simple data preprocessing approach to speed up Hidden Markov Model (HMM) training for system-call-based anomaly intrusion detection. Experiments based on a public database demonstrate that this data preprocessing approach can reduce training time by up to 50 percent with no noticeable degradation in intrusion detection performance, compared to a conventional batch HMM training scheme.