Network Forensics Scenario Reconstruction Method Based on Hidden Markov Models

Gu, Wei; Xu, Liancheng; Ren, Min; Han, Xiaoyan

doi:10.1109/itme.2015.94

Cited by 2 publications

(4 citation statements)

References 2 publications

(2 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…One example of the sequence of transactions can be shown as llmhmlhm. The types of purchases such [13], [27], [43], [86], [93], [101], [107] [2], [34], [39], [50], [59], [113], [118] [30], [41], [77], [83] [4], [8], [17], [36], [38], [42] [6], [7], [18], [48], [74], [92] [28], [33], [40], [47], [53], [67], [71], [97], [105], [114], [116], [119] [54], [55], [112] [15], [70], [77], [95], [99], [102] [10], [44], [66] [41], [53], [56], [74],…”

Section: Credit Card Fraud Detectionmentioning

confidence: 99%

See 1 more Smart Citation

A systematic review on intrusion detection based on the Hidden Markov Model

Ramaki

Rasoolzadegan

Jafari

2018

Statistical Analysis

View full text Add to dashboard Cite

Apart from using traditional security solutions in software systems such as firewalls and access control mechanisms, utilizing intrusion detection systems are also necessary. Intrusion detection is a process in which a set of methods are used to detect malicious activities against the victims. Many techniques for detecting potential intrusions in software systems have already been introduced. One of the most important techniques for intrusion detection based on machine learning is using Hidden Markov Models (HMM). In recent decades, many research communities have been working toward HMM-based intrusion detection. Therefore, a large volume of research works has been published and hence, various research areas have emerged in this field. However, until now, there has been no systematic and up-to-date review of research works within the field. This paper aims to survey the research in this field and provide open problems and challenges based on the analysis of advantages, limitations, types of architectural models, and applications of current techniques. Six various architecture models for intrusion detection purposes are proposed in the literature. We compare these models based on performance criteria in order to select an appropriate type for a specific application. The results show that HMM-based intrusion detection techniques have 6 main advantages-precise intrusion detection, ability to detect new and unknown intrusions, prediction of the intruder's potential next steps, usage in real-time applications by processing data streams on-the-fly, usage of heterogeneous data sources as input, and visual representation of acquired knowledge relative to the other techniques of machine learning. KEYWORDSHidden Markov Model, intrusion detection, intrusion detection system, statistical learning, system and network security

show abstract

Section: Credit Card Fraud Detectionmentioning

confidence: 99%

“…Research on alert correlating and predicting systems based on the HMM include [28,33,40,47,53,61,67,71,97,105,114,116,119] which aim to extract and track multistep attack scenarios by analyzing the correlation between alerts created by IDS. As a detailed example, ref.…”

Section: Multistep Attack Detection and Predictionmentioning

confidence: 99%

A systematic review on intrusion detection based on the Hidden Markov Model

Ramaki

Rasoolzadegan

Jafari

2018

Statistical Analysis

View full text Add to dashboard Cite

show abstract

“…Prevention of Malice Software a 12 Media Processing and Security a 13 Operation Program and Duty a 14 Network Management a 15 Information and Software, Hardware Exchange a 21 Management of Network Access a 22 Management of User's Access a 23 Management of Application Access a 24 System Access and Monitoring of Usage a 31 Effect on Tangible Assets a 32 Effect on Intangible Assets…”

Section: Criteria Description Of the Criteriamentioning

confidence: 99%

“…Besides, many studies have researched the security of computer networks because of the emergence of a large number of cyber crimes, which are researched in many studies [9,10]. To combat cyber crimes vigorously, studies regarding computer forensics [11,12], virus prevention technologies [13], security visualization for computer network logs [14], intrusion detection [15], etc., have been performed in recent years. In addition, approaches of computer network security risk assessment are also of great significance to improve computer network security.…”

Section: Introductionmentioning

confidence: 99%

A Novel Network Security Risk Assessment Approach by Combining Subjective and Objective Weights under Uncertainty

et al. 2018

View full text Add to dashboard Cite

Nowadays, computer networks are playing a more and more important role in people's daily lives. Meanwhile, the security of computer networks has also attracted widespread concern. However, up to now, there is no universal and effective assessment approach for computer network security. Therefore, a novel network security risk assessment approach by combining subjective and objective weights under uncertainty is proposed. In the proposed evaluation approach, the uncertainty of evaluation data is taken into account, which is translated into objective weights through an uncertainty measure. By combining the subjective weights of evaluation criteria and the objective weights of evaluation data, the final weights can be obtained. Then, Dempster-Shafer (D-S) evidence theory and pignistic probability transformation (PPT) are employed to derive a consensus decision for the degree of the network security risk. Two illustrative examples are given to show the efficiency of the proposed approach. This approach of risk assessment, which combines subjective and objective weights, can not only effectively evaluate computer network security, but also be widely used in decision-making.

show abstract

Network Forensics Scenario Reconstruction Method Based on Hidden Markov Models

Cited by 2 publications

References 2 publications

A systematic review on intrusion detection based on the Hidden Markov Model

A systematic review on intrusion detection based on the Hidden Markov Model

A Novel Network Security Risk Assessment Approach by Combining Subjective and Objective Weights under Uncertainty

Contact Info

Product

Resources

About