Anomaly Intrusion Detection System Using Hierarchical Gaussian Mixture Model

Intrusion Detection Systems have been widely used to overcome security threats in computer networks and to identify unauthorized use, misuse, and abuse of computer systems. Anomaly-based approaches in Intrusion Detection Systems have the advantage of being able to detect unknown attacks; they look for patterns that deviate from the normal behavior. This paper proposed Hierarchical Gaussian Mixture Model (HGMM) a novel type of Gaussian Mixture which detects network based attacks as anomalies using statistical preprocessing classification. This method learns patterns of normal and intrusive activities to classify that use a set of Gaussian probability distribution functions. The use of Maximum likelihood in detection phase has used the deviation between current and reference behavior.