Abstract
In this paper, a decision model of fusion classification based on HMM-DS is proposed, and the training and recognition methods of the model are given. As the pure HMM classifier can’t have an ideal balance between each model with a strong ability to identify its target and the maximum difference between models. So in this paper, the results of HMM are integrated into the DS framework, and HMM provides state probabilities for DS. The output of each hidden Markov model is used as a body of evidence. The improved evidence theory method is proposed to fuse the results and encounter drawbacks of the pure HMM for improving classification accuracy of the system. We compare our approach with the traditional evidence theory method, other representative improved DS methods, pure HMM method and common classification methods. The experimental results show that our proposed method has a significant practical effect in improving the training process of network attack classification with high accuracy.
Highlights
With the development and popularity of Internet, the network environment in today's society is more and more complex
The experiments run in an Intel Pentium 2.7 GHz computer with 2.0G memory running Windows7.The code for data processing and data mining is written in MatlabR2014a
DS evidence theory method was applied to fuse the output of sub hidden Markov model, which can classify attacks effectively
Summary
With the development and popularity of Internet, the network environment in today's society is more and more complex. Security of network has become a very important problem in the network. Intrusion detection system which attempts to use data mining and machine learning methods to detect and classify intrusion activities plays an important role in detecting and preventing network attacks[1]. Intrusion detection systems can be split into two groups: 1) anomaly-based detection system and 2) misuse-based detection system[2]. Each of them has a different way in detecting and protecting data security and has both advantages and disadvantages. The misuse-based detection system, especially the reasoning system based on model matching, can achieve high classification accuracy for known attacks. Scholars proposed various classifier models to solve classification problem in network intrusion detection, including Bayesian network, fuzzy logic, k-nearest neighbor, decision tree, neural networks, support vector machine, the hidden Markov model
Sign-in/Register to view highlights & summary 
Published Version (
Free)
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call