By Topic

A New Anomaly Detection Method Based on Rough Set Reduction and HMM

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Fanping Zeng ; Dept. of Comput., Univ. of Sci. & Technol. of China, Hefei, China ; Kaitao Yin ; Minghui Chen ; Xufa Wang

Over the past few years, anomaly detection has been an increasing concern with the rapid growth of the network security. Hidden Markov model (HMM) has been applied in various methods in intrusion detection and proved to be a good tool to model normal behaviors of privileged processes, however, one major problem with this approach is that it demands excessive computing resources and costs a long model training time, which makes it inefficient for practical intrusion detection. This paper presents a new method of bringing rough set reduction into HMM to overcome the shortcoming. The proposed approach classifies and simplifies the long observation sequence by virtue of rough set reduction, and the decision conditions obtained in rough set reduction phase could be used in further detection. The experimental results indicate that this method can promote the model training efficiency. Further-more, it is suitable for anomaly detection with high detect rate and low false alarm rate.

Published in:

Computer and Information Science, 2009. ICIS 2009. Eighth IEEE/ACIS International Conference on

Date of Conference:

1-3 June 2009