AA-HMM: An Anti-Adversarial Hidden Markov Model for Network-Based Intrusion Detection

In the field of network intrusion, malware usually evades anomaly detection by disguising malicious behavior as legitimate access. Therefore, detecting these attacks from network traffic has become a challenge in this adversarial setting. In this paper, an enhanced Hidden Markov Model, called the...


Bibliographic Details
Main Authors: Chongya Song, Alexander Pons, Kang Yen
Format: Article
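Language: English
Published: MDPI AG 2018-11-01
Series: Applied Sciences
Subjects: network intrusion detection; adversarial setting; Anti-Adversarial Hidden Markov Model (AA-HMM); evasion patterns; dynamic window (DW); threshold (TH); pattern entropy (PE); adaptability
Online Access: https://www.mdpi.com/2076-3417/8/12/2421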
id doaj-f97cef0ca3da40b7866d4e74c130e395
record_format Article
spelling doaj-f97cef0ca3da40b7866d4e74c130e395 | 2020-11-24T21:23:00Z | eng | MDPI AG | Applied Sciences | 2076-3417 | 2018-11-01 | 8 | 12 | 2421 | 10.3390/app8122421 | app8122421 | AA-HMM: An Anti-Adversarial Hidden Markov Model for Network-Based Intrusion Detection | Chongya Song 0; Alexander Pons 1; Kang Yen 2 | Department of Electrical and Computer Engineering, Florida International University, Miami, FL 33174, USA; Department of Electrical and Computer Engineering, Florida International University, Miami, FL 33174, USA; Department of Electrical and Computer Engineering, Florida International University, Miami, FL 33174, USA | https://www.mdpi.com/2076-3417/8/12/2421
collection DOAJ
language English
format Article
sources DOAJ
author Chongya Song
Alexander Pons
Kang Yen
title AA-HMM: An Anti-Adversarial Hidden Markov Model for Network-Based Intrusion Detection
publisher MDPI AG
series Applied Sciences
issn 2076-3417
publishDate 2018-11-01
description In the field of network intrusion, malware usually evades anomaly detection by disguising malicious behavior as legitimate access. Therefore, detecting these attacks from network traffic has become a challenge in this adversarial setting. In this paper, an enhanced Hidden Markov Model, called the Anti-Adversarial Hidden Markov Model (AA-HMM), is proposed to effectively detect evasion patterns, using the Dynamic Window and Threshold techniques to achieve adaptive, anti-adversarial, and online-learning abilities. In addition, a concept called Pattern Entropy is defined and acts as the foundation of AA-HMM. We evaluate the effectiveness of our approach employing two well-known benchmark data sets, NSL-KDD and CTU-13, in terms of the common performance metrics and the algorithm’s adaptation and anti-adversary abilities.
topic network intrusion detection
adversarial setting
Anti-Adversarial Hidden Markov Model (AA-HMM)
evasion patterns
dynamic window (DW)
threshold (TH)
pattern entropy (PE)
adaptability
url https://www.mdpi.com/2076-3417/8/12/2421