采用shell命令和隐Markov模型进行网络用户行为异常检测

Journal of Applied Sciences

• Articles • Previous Articles Next Articles

Detection of Anomalous User Behavior Based on Shell Commands and Hidden Markov Models

TIAN Xing－uang1, 2, DUAN Mi-yi1, 2, SUN Chun-lai1, LI Wen-fa 2

1.Institute of Computing Technology, Beijing Jiaotong University, Beijing 100029)
2.Institute of Computing Technology, Chinese Academy of Sciences, Beijing 100080)

Received:2007-07-20 Revised:2007-12-03 Online:2008-03-31 Published:2008-03-31

Abstract

Abstract: Anomaly detection is an active research topic in network intrusion detection. This paper presents a novel method for detecting anomalous user behavior based on shell commands and hidden Markov models (HMM). The method constructs a specific HMM to represent the normal behavior profile of a network user, and associates classes of user behavior patterns with states of the HMM. The HMM parameters are calculated with a sequence matching algorithm which is much simpler than the classical Baum-Welch algorithm. This reduces computational complexity to a great extent. At the detection stage, a decision rule based on probabilities of short state sequences is adopted, and more than one threshold are used to classify the user behavior. Performance of the method is tested in computer simulation, showing high detection accuracy and efficiency.

Key words: intrusion detection, hidden Markov model, anomaly detection, shell command

TIAN Xing－uang;DUAN Mi-yi;SUN Chun-lai;LI Wen-fa . Detection of Anomalous User Behavior Based on Shell Commands and Hidden Markov Models
[J]. Journal of Applied Sciences.

[1]	YU Yue, DENG Li, PANG Hong-lin, FEI Min-rui. Environmental Anomaly Detection Method during Crop Growth Based on Distributed Clustering [J]. Journal of Applied Sciences, 2018, 36(6): 1010-1021.
[2]	CHENG Bao-zhi, ZHAO Chun-hui, WANG Yu-lei. SVDD Algorithm with Spectral Unmixing for Anomaly Detection in Hyperspectral Images [J]. Journal of Applied Sciences, 2012, 30(1): 82-88.
[3]	YE Fei1;2, YI Na1, WANG Yi-fei1. Algorithms of Third-Order Hidden Markov Model and Its Relationship with First-Order Hidden Markov Model [J]. Journal of Applied Sciences, 2011, 29(5): 500-507.
[4]	GAO Song, QIN Dian-gang, FENG Tie-nan, MA Cheng-rong, WANG Yi-fei. Improved Algorithms of HMM2 and Applications to MiRNA Target Predictions [J]. Journal of Applied Sciences, 2010, 28(3): 307-312.
[5]	HU Hai-jiang, GU Rui-fei, HOU Wen-mei, ZHANG Feng-deng. Novel Strategy of Intrusion Detection for Peer-to-Peer Networks [J]. Journal of Applied Sciences, 2009, 27(4): 397-402.
[6]	WANG Jiang-tao;YANG Geng SUN Yuan;CHEN Sheng-shou . Security LEACH Routing Protocol Based on Attack Detection [J]. Journal of Applied Sciences, 2007, 25(6): 557-557 .
[7]	YIN Wei-wei, WU Le-nan. Joint Source-Channel Decoding Based on Iterative Source Model Parameter Update [J]. Journal of Applied Sciences, 2006, 24(4): 345-348.
[8]	ZHONG Yong, QIN Xiao-lin, BAO Lei. Mining Algorithm Based on User Query and Its Application in Intrusion Detection [J]. Journal of Applied Sciences, 2005, 23(5): 506-512.

Detection of Anomalous User Behavior Based on Shell Commands and Hidden Markov Models

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 8

Recommended Articles

Metrics

Comments