Abstract
In this paper, the problem of the applications of HMM (hidden Markov model) to computer intrusion detection is discussed. Both first-order HMM and second-order HMM are tested to compare their performances of computer intrusion detection. HMMs are used to build a profile of normal activities on a computer from the training data of normal activities on the computer. The norm profile is then used to detect anomalous activities from testing data of both normal and intrusive activities on the computer for intrusion detection. Using the data set of DARPA 2000 LLDOS 1.0, our experiments show that first-order HMM reveals better intrusion detection performance than that of second-order HMM.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
