Abstract
This paper aims to analyse the performance of Hidden Markov Model (HMM) and Support Vector Machine (SVM) for anomaly intrusion detection. These techniques discriminate between normal and abnormal behaviour of network traffic. The specific focus of this study is to investigate and identify distinguishable TCP services that comprise of both normal and abnormal types of TCP packets, using J48 decision tree algorithm. The publicly available KDD Cup 1999 dataset has been used in training and evaluation of such techniques. Experimental results demonstrate that the HMM is able to classify network traffic with approximately 76% to 99% accuracy while SVM classifies it with approximately 80% to 99% accuracy.
Original language | English |
---|---|
Pages (from-to) | 176-184 |
Number of pages | 9 |
Journal | International Journal of Internet Technology and Secured Transactions (JITST) |
Volume | 2 |
Issue number | 1/2/3/4 |
Publication status | Published - Dec 2013 |
Keywords
- Hidden Markov Model, Support Vector Machine, Distinguishable TCP Services, Anomaly Intrusion Detection