Affiliation
Morgan State University, Department of Electrical and Computer Engineering
Issue Date
2018-11
Keywords
Intrusion Detection System (IDS)
Vector Quantization
Hidden Markov Model (HMM)
Principal Component Analysis (PCA)
K-Means
Additional Links
http://www.telemetry.org/
Abstract
Networked telemetry faces the threat of intrusion like any other cyber network. In this paper, we address the problem of modeling an Intrusion Detection System (IDS) using a Hidden Markov Model (HMM). It is part of a bigger objective of capturing and analyzing network traffic to identify anomalous traffic, which in turn will be used to alert a system administrator. The network traffic analysis phase involves feature extraction, dimension reduction and vector quantization (VQ) techniques, which play a significant role with large data sets, as the amount of data transmitted from one network to another is increasing day by day. The IDS framework developed makes use of a multi-class HMM in which each of the HMM layers is trained for a specific network traffic type. To test the resulting model's capability to predict anomalous traffic, the system is tested with a testing data set. Performance of the model against the KDD '99 dataset demonstrates accuracy greater than 99%.
Language
en_US
ISSN
0884-5123
0074-9079