Application of a Layered Hidden Markov Model in the Detection of Network Attacks
Network-based attacks against computer systems are a common and increasing problem. Attackers continue to increase the sophistication and complexity of their attacks with the goal of removing sensitive data or disrupting operations. Attack detection technology works very well for the detection of kn...
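Main Author: | Taub, Lawrence |
---|---|
Format: | Others |
Published: | NSUWorks 2013 |
Subjects: | anomaly detection hidden markov model intrusion detection network security payload anomaly detection security Computer Sciences |
Online Access: | http://nsuworks.nova.edu/gscis_etd/320 http://nsuworks.nova.edu/cgi/viewcontent.cgi?article=1319&context=gscis_etd |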
id |
ndltd-nova.edu-oai-nsuworks.nova.edu-gscis_etd-1319 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-nova.edu-oai-nsuworks.nova.edu-gscis_etd-1319 2017-01-19T03:56:40Z Application of a Layered Hidden Markov Model in the Detection of Network Attacks Taub, Lawrence Network-based attacks against computer systems are a common and increasing problem. Attackers continue to increase the sophistication and complexity of their attacks with the goal of removing sensitive data or disrupting operations. Attack detection technology works very well for the detection of known attacks using a signature-based intrusion detection system. However, attackers can utilize attacks that are undetectable to those signature-based systems whether they are truly new attacks or modified versions of known attacks. Anomaly-based intrusion detection systems approach the problem of attack detection by detecting when traffic differs from a learned baseline. In the case of this research, the focus was on a relatively new area known as payload anomaly detection. In payload anomaly detection, the system focuses exclusively on the payload of packets and learns the normal contents of those payloads. When a payload's contents differ from the norm, an anomaly is detected and may be a potential attack. A risk with anomaly-based detection mechanisms is they suffer from high false positive rates which reduce their effectiveness. This research built upon previous research in payload anomaly detection by combining multiple techniques of detection in a layered approach. The layers of the system included a high-level navigation layer, a request payload analysis layer, and a request-response analysis layer. The system was tested using the test data provided by some earlier payload anomaly detection systems as well as new data sets. The results of the experiments showed that by combining these layers of detection into a single system, there were higher detection rates and lower false positive rates.
2013-01-01T08:00:00Z text application/pdf http://nsuworks.nova.edu/gscis_etd/320 http://nsuworks.nova.edu/cgi/viewcontent.cgi?article=1319&context=gscis_etd CEC Theses and Dissertations NSUWorks anomaly detection hidden markov model intrusion detection network security payload anomaly detection security Computer Sciences |
collection |
NDLTD |
format |
Others
|
sources |
NDLTD |
topic |
anomaly detection hidden markov model intrusion detection network security payload anomaly detection security Computer Sciences |
author |
Taub, Lawrence |
title |
Application of a Layered Hidden Markov Model in the Detection of Network Attacks |
publisher |
NSUWorks |
publishDate |
2013 |