A Comparative Study of Hidden Markov Model and Support Vector Machine in Anomaly Intrusion Detection

Ruchi Jain, Nasser Abouzakhar

Research output: Contribution to journal › Article › peer-review

Abstract

This paper aims to analyse the performance of the Hidden Markov Model (HMM) and the Support Vector Machine (SVM) for anomaly intrusion detection. These techniques discriminate between normal and abnormal behaviour of network traffic. The specific focus of this study is to investigate and identify distinguishable TCP services that comprise both normal and abnormal types of TCP packets, using the J48 decision tree algorithm. The publicly available KDD Cup 1999 dataset has been used for training and evaluating these techniques. Experimental results demonstrate that the HMM is able to classify network traffic with approximately 76% to 99% accuracy, while the SVM classifies it with approximately 80% to 99% accuracy.
Original language: English
Pages (from-to): 176-184
Number of pages: 9
Journal: International Journal of Internet Technology and Secured Transactions (JITST)
Volume: 2
Issue number: 1/2/3/4
Publication status: Published - Dec 2013

Keywords

  • Hidden Markov Model, Support Vector Machine, Distinguishable TCP Services, Anomaly Intrusion Detection
