Hidden Markov Model Based Anomaly Intrusion Detection

Ruchi Jain, Nasser Abouzakhar

Research output: Contribution to conferencePaperpeer-review

13 Citations (Scopus)


This paper aims to investigate and identify distinguishable TCP services, that comprise of both attack and normal types of TCP packets, using J48 decision tree algorithm. A predictive model capable of discriminating between normal
and abnormal behavior of network traffic is developed by integrating Hidden Markov Model (HMM) technique with anomaly intrusion detection approach for each distinguishable TCP service. The model has been trained for each TCP session of the KDD Cup 1999 dataset using Baum-Welch training (BWT)
and Viterbi training (VT) algorithms. Evaluation of the developed HMM model is performed using Forward and Backward algorithms. Results show that the proposed model is able to classify network traffic with approximately 76% to 99%
accuracy. The overall performance of model is measured using
standard evaluation method ROC curves.
Original languageEnglish
Number of pages6
Publication statusPublished - 2012
EventThe 7th International Conference for Internet Technology and Secured Transactions (ICITST-2012) - London, London, United Kingdom
Duration: 10 Dec 201212 Dec 2012


ConferenceThe 7th International Conference for Internet Technology and Secured Transactions (ICITST-2012)
Country/TerritoryUnited Kingdom


  • Hidden Markov Model, Distinguishable TCP services, Anomaly intrusion detection


Dive into the research topics of 'Hidden Markov Model Based Anomaly Intrusion Detection'. Together they form a unique fingerprint.

Cite this