AA-HMM: An Anti-Adversarial Hidden Markov Model for Network-Based Intrusion Detection
In the field of network intrusion, malware usually evades anomaly detection by disguising malicious behavior as legitimate access. Therefore, detecting these attacks from network traffic has become a challenge in this adversarial setting. In this paper, an enhanced Hidden Markov Model, called the...
Main Authors: | Chongya Song, Alexander Pons, Kang Yen |
---|---|
Format: | Article |
Language: | English |
Published: | MDPI AG, 2018-11-01 |
Series: | Applied Sciences |
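Subjects: | network intrusion detection; adversarial setting; Anti-Adversarial Hidden Markov Model (AA-HMM); evasion patterns; dynamic window (DW); threshold (TH); pattern entropy (PE); adaptability |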
Online Access: | https://www.mdpi.com/2076-3417/8/12/2421 |
id |
doaj-f97cef0ca3da40b7866d4e74c130e395 |
---|---|
record_format |
Article |
spelling |
doaj-f97cef0ca3da40b7866d4e74c130e395; 2020-11-24T21:23:00Z; eng; MDPI AG; Applied Sciences; 2076-3417; 2018-11-01; 8; 12; 2421; 10.3390/app8122421; app8122421; AA-HMM: An Anti-Adversarial Hidden Markov Model for Network-Based Intrusion Detection; Chongya Song, Alexander Pons, Kang Yen (all: Department of Electrical and Computer Engineering, Florida International University, Miami, FL 33174, USA); https://www.mdpi.com/2076-3417/8/12/2421 |
collection |
DOAJ |
language |
English |
format |
Article |
sources |
DOAJ |
author |
Chongya Song Alexander Pons Kang Yen |
author_sort |
Chongya Song |
title |
AA-HMM: An Anti-Adversarial Hidden Markov Model for Network-Based Intrusion Detection |
publisher |
MDPI AG |
series |
Applied Sciences |
issn |
2076-3417 |
publishDate |
2018-11-01 |
description |
In the field of network intrusion, malware usually evades anomaly detection by disguising malicious behavior as legitimate access. Therefore, detecting these attacks from network traffic has become a challenge in this adversarial setting. In this paper, an enhanced Hidden Markov Model, called the Anti-Adversarial Hidden Markov Model (AA-HMM), is proposed to effectively detect evasion patterns, using the Dynamic Window and Threshold techniques to achieve adaptive, anti-adversarial, and online-learning abilities. In addition, a concept called Pattern Entropy is defined and acts as the foundation of AA-HMM. We evaluate the effectiveness of our approach employing two well-known benchmark data sets, NSL-KDD and CTU-13, in terms of the common performance metrics and the algorithm’s adaptation and anti-adversary abilities. |
topic |
network intrusion detection; adversarial setting; Anti-Adversarial Hidden Markov Model (AA-HMM); evasion patterns; dynamic window (DW); threshold (TH); pattern entropy (PE); adaptability |
url |
https://www.mdpi.com/2076-3417/8/12/2421 |