Abstract
This paper aims to investigate and identify distinguishable TCP services, that comprise of both attack and normal types of TCP packets, using J48 decision tree algorithm. A predictive model capable of discriminating between normal
and abnormal behavior of network traffic is developed by integrating Hidden Markov Model (HMM) technique with anomaly intrusion detection approach for each distinguishable TCP service. The model has been trained for each TCP session of the KDD Cup 1999 dataset using Baum-Welch training (BWT)
and Viterbi training (VT) algorithms. Evaluation of the developed HMM model is performed using Forward and Backward algorithms. Results show that the proposed model is able to classify network traffic with approximately 76% to 99%
accuracy. The overall performance of model is measured using
standard evaluation method ROC curves.
and abnormal behavior of network traffic is developed by integrating Hidden Markov Model (HMM) technique with anomaly intrusion detection approach for each distinguishable TCP service. The model has been trained for each TCP session of the KDD Cup 1999 dataset using Baum-Welch training (BWT)
and Viterbi training (VT) algorithms. Evaluation of the developed HMM model is performed using Forward and Backward algorithms. Results show that the proposed model is able to classify network traffic with approximately 76% to 99%
accuracy. The overall performance of model is measured using
standard evaluation method ROC curves.
Original language | English |
---|---|
Pages | 528-533 |
Number of pages | 6 |
Publication status | Published - 2012 |
Event | The 7th International Conference for Internet Technology and Secured Transactions (ICITST-2012) - London, London, United Kingdom Duration: 10 Dec 2012 → 12 Dec 2012 |
Conference
Conference | The 7th International Conference for Internet Technology and Secured Transactions (ICITST-2012) |
---|---|
Country/Territory | United Kingdom |
City | London |
Period | 10/12/12 → 12/12/12 |
Keywords
- Hidden Markov Model, Distinguishable TCP services, Anomaly intrusion detection