Intrusion detection method based on hierarchical hidden Markov model and variable-length semantic pattern
The defects of intrusion detection using fixed-length short system call sequences were analyzed. A method of extracting variable-length short system call sequences, grounded on the function return addresses stored in the process stacks, was proposed. Based on the hierarchical relationship and the st...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2010-01-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/74649136/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841537680775577600 |
|---|---|
| author | DUAN Xue-tao1 JIA Chun-fu 1 LIU Chun-bo1 |
| author_facet | DUAN Xue-tao1 JIA Chun-fu 1 LIU Chun-bo1 |
| author_sort | DUAN Xue-tao1 |
| collection | DOAJ |
| description | The defects of intrusion detection using fixed-length short system call sequences were analyzed. A method of extracting variable-length short system call sequences, grounded on the function return addresses stored in the process stacks, was proposed. Based on the hierarchical relationship and the state transition characteristics of the variable-length semantic patterns, a hierarchical hidden Markov intrusion detection model was presented. The experimental results show that the hierarchical hidden Markov intrusion detection model is superior to the traditional hidden Markov model. |
| format | Article |
| id | doaj-art-533e54d75eae4fcf902afdb847a64d07 |
| institution | Kabale University |
| issn | 1000-436X |
| language | zho |
| publishDate | 2010-01-01 |
| publisher | Editorial Department of Journal on Communications |
| record_format | Article |
| series | Tongxin xuebao |
| spelling | doaj-art-533e54d75eae4fcf902afdb847a64d072025-01-14T08:26:22ZzhoEditorial Department of Journal on CommunicationsTongxin xuebao1000-436X2010-01-013110911474649136Intrusion detection method based on hierarchical hidden Markov model and variable-length semantic patternDUAN Xue-tao1JIA Chun-fu 1LIU Chun-bo1The defects of intrusion detection using fixed-length short system call sequences were analyzed. A method of extracting variable-length short system call sequences, grounded on the function return addresses stored in the process stacks, was proposed. Based on the hierarchical relationship and the state transition characteristics of the variable-length semantic patterns, a hierarchical hidden Markov intrusion detection model was presented. The experimental results show that the hierarchical hidden Markov intrusion detection model is superior to the traditional hidden Markov model.http://www.joconline.com.cn/zh/article/74649136/intrusion detectionhierarchical hidden Markov modelsystem callvariable-length semantic patternprocess stack |
| spellingShingle | DUAN Xue-tao1 JIA Chun-fu 1 LIU Chun-bo1 Intrusion detection method based on hierarchical hidden Markov model and variable-length semantic pattern Tongxin xuebao intrusion detection hierarchical hidden Markov model system call variable-length semantic pattern process stack |
| title | Intrusion detection method based on hierarchical hidden Markov model and variable-length semantic pattern |
| title_full | Intrusion detection method based on hierarchical hidden Markov model and variable-length semantic pattern |
| title_fullStr | Intrusion detection method based on hierarchical hidden Markov model and variable-length semantic pattern |
| title_full_unstemmed | Intrusion detection method based on hierarchical hidden Markov model and variable-length semantic pattern |
| title_short | Intrusion detection method based on hierarchical hidden Markov model and variable-length semantic pattern |
| title_sort | intrusion detection method based on hierarchical hidden markov model and variable length semantic pattern |
| topic | intrusion detection hierarchical hidden Markov model system call variable-length semantic pattern process stack |
| url | http://www.joconline.com.cn/zh/article/74649136/ |
| work_keys_str_mv | AT duanxuetao1 intrusiondetectionmethodbasedonhierarchicalhiddenmarkovmodelandvariablelengthsemanticpattern AT jiachunfu1 intrusiondetectionmethodbasedonhierarchicalhiddenmarkovmodelandvariablelengthsemanticpattern AT liuchunbo1 intrusiondetectionmethodbasedonhierarchicalhiddenmarkovmodelandvariablelengthsemanticpattern |