Markov Chains, Classifiers, and Intrusion Detection
This paper presents a statistical anomaly detection
algorithm based on Markov chains. Our algorithm can be applied
directly to intrusion detection by discovering anomalous
activities. Our framework for constructing anomaly detectors is very
general and can be used by other researchers for constructing
Markov-chain-based anomaly detectors. We also present performance
metrics for evaluating the effectiveness of anomaly
detectors. Extensive experimental results clearly demonstrate the
effectiveness of our algorithm. We discuss several future directions
for research based on the framework presented in this paper.
Somesh Jha
Last modified: Mon Mar 31 11:01:41 CST 2003