AA-HMM: An Anti-Adversarial Hidden Markov Model for Network-Based Intrusion Detection


Bibliographic Details
Main Authors: Chongya Song, Alexander Pons, Kang Yen
Format: Article
Language: English
Published: MDPI AG 2018-11-01
Series: Applied Sciences
Online Access: https://www.mdpi.com/2076-3417/8/12/2421
Description
Summary: In the field of network intrusion, malware usually evades anomaly detection by disguising malicious behavior as legitimate access. Therefore, detecting these attacks from network traffic has become a challenge in this adversarial setting. In this paper, an enhanced Hidden Markov Model, called the Anti-Adversarial Hidden Markov Model (AA-HMM), is proposed to effectively detect evasion patterns, using the Dynamic Window and Threshold techniques to achieve adaptive, anti-adversarial, and online-learning abilities. In addition, a concept called Pattern Entropy is defined and acts as the foundation of AA-HMM. We evaluate the effectiveness of our approach employing two well-known benchmark data sets, NSL-KDD and CTU-13, in terms of the common performance metrics and the algorithm's adaptation and anti-adversary abilities.
ISSN:2076-3417