2010 | OriginalPaper | Buchkapitel
Hidden Markov Models for Automated Protocol Learning
verfasst von : Sean Whalen, Matt Bishop, James P. Crutchfield
Erschienen in: Security and Privacy in Communication Networks
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
Hidden Markov Models (HMMs) have applications in several areas of computer security. One drawback of HMMs is the selection of appropriate model parameters, which is often ad hoc or requires domain-specific knowledge. While algorithms exist to find local optima for some parameters, the number of states must always be specified and directly impacts the accuracy and generality of the model. In addition, domain knowledge is not always available or may be based on assumptions that prove incorrect or sub-optimal.
We apply the
ε
-machine—a special type of HMM—to the task of constructing network protocol models solely from network traffic. Unlike previous approaches,
ε
-machine reconstruction infers the minimal HMM architecture directly from data and is well suited to applications such as anomaly detection. We draw distinctions between our approach and previous research, and discuss the benefits and challenges of
ε
-machine for protocol model inference.