Network Intrusion Detection Based on Hidden Markov Model and Conditional Entropy

  • Linying XiaoEmail author
  • Huaibin Wang
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1122)


Nowadays, more and more machine learning algorithms are introduced into intrusion detection. Some researchers improved existing algorithms, while others combined a variety of methods. Each method have their benefits but limitations are inevitable. In this paper, we proposed a novel model of network intrusion detection based on anomaly traffic. And hidden Markov model (HMM) is utilized into this field, which effectively combines statistics and traffic classification. Based on network, some extracted traffic features based PCA are used as the input value of HMM. Eventually, the types of the traffic are judged by the probability value of output. If the traffic type is abnormal, the network is already under attack. Conversely, it’s under security. During model training, we creatively use conditional entropy to optimize the Baum-Welch algorithm, and the performance evaluation results indicate HMM achieve better precision and lower computational cost compared with others.


Network security Intrusion detection Conditional entropy Hidden Markov model (HMM) Baum-Welch algorithm 


  1. 1.
    Potluri, S., Diedrich, C.: Accelerated deep neural networks for enhanced Intrusion Detection System. In: IEEE International Conference on Emerging Technologies & Factory Automation. IEEE (2016)Google Scholar
  2. 2.
    Bhuvaneswari, G., Manikandan, G.: A novel machine learning framework for diagnosing the type 2 diabetics using temporal fuzzy ant miner decision tree classifier with temporal weighted genetic algorithm. Computing 100, 759–772 (2018)CrossRefGoogle Scholar
  3. 3.
    Boukhris, I., Elouedi, Z., Ajabi, M.: Toward intrusion detection using belief decision trees for big data. Knowl. Inf. Syst. 53, 671–698 (2017)CrossRefGoogle Scholar
  4. 4.
    Elliott, R.J., Siu, T.K., Fung, E.S.: A Double HMM approach to Altman Z-scores and credit ratings. Expert Syst. Appl. 41(4), 1553–1560 (2014)CrossRefGoogle Scholar
  5. 5.
    Li, Z., Fang, H., Huang, M.: Diversified learning for continuous hidden Markov models with application to fault diagnosis. Expert Syst. Appl. 42(23), 9165–9173 (2015)CrossRefGoogle Scholar
  6. 6.
    Ying, J., Kirubarajan, T., Pattipati, K.R., et al.: A hidden Markov model-based algorithm for fault diagnosis with partial and imperfect tests. IEEE Trans. Syst. Man Cybern. Part C (Appl. Rev.) 30(4), 463–473 (2000)CrossRefGoogle Scholar
  7. 7.
    Cao, Y., Li, Y., Coleman, S., et al.: Adaptive hidden Markov model with anomaly states for price manipulation detection. IEEE Trans. Neural Netw. Learn. Syst. 26(2), 318–330 (2015)MathSciNetCrossRefGoogle Scholar
  8. 8.
    Soualhi, A., Clerc, G., Razik, H., et al.: Hidden Markov models for the prediction of impending faults. IEEE Trans. Industr. Electron. 63(5), 3271–3281 (2016)CrossRefGoogle Scholar
  9. 9.
    Komviriyavut, T., Sangkatsanee, P., Wattanapongsakorn, N., et al.: Network intrusion detection and classification with Decision Tree and rule based approaches. In: International Conference on Communications & Information Technologies. IEEE Press (2009)Google Scholar
  10. 10.
    Fung, C.J., Zhang, J., Boutaba, R.: Effective acquaintance management based on Bayesian learning for distributed intrusion detection networks. IEEE Trans. Netw. Serv. Manag. 9(3), 320–332 (2012)CrossRefGoogle Scholar
  11. 11.
    Saha, S.K., Sarkar, S., Mitra, P.: Feature selection techniques for maximum entropy based biomedical named entity recognition. J. Biomed. Inform. 42(5), 905–911 (2009)CrossRefGoogle Scholar
  12. 12.
  13. 13.
    Song, J., Takakura, H., Okabe, Y., et al.: Statistical analysis of honeypot data and building of Kyoto 2006+ dataset for NIDS evaluation. In: Workshop on Building Analysis Datasets & Gathering Experience Returns for Security (2011)Google Scholar
  14. 14.
    Callegari, C., Gazzarrini, L., Giordano, S., et al.: Improving PCA-based anomaly detection by using multiple time scale analysis and Kullback–Leibler divergence. Int. J. Commun. Syst. 27(10), 1731–1751 (2015)CrossRefGoogle Scholar
  15. 15.
    Almseidin, M., Alzubi, M., Kovacs, S., et al.: Evaluation of machine learning algorithms for intrusion detection system (2018)Google Scholar
  16. 16.
    Salama, M.A., Eid, H.F., Ramadan, R.A., Darwish, A., Hassanien, A.E.: Hybrid intelligent intrusion detection scheme. In: Gaspar-Cunha, A., Takahashi, R., Schaefer, G., Costa, L. (eds.) Soft Computing in Industrial Applications. AINSC, vol. 96, pp. 293–303. Springer, Heidelberg (2011). Scholar
  17. 17.
    Chebrolu, S., Abraham, A., Thomas, J.P.: Feature deduction and ensemble design of intrusion detection systems. Comput. Secur. 24(4), 295–307 (2005)CrossRefGoogle Scholar
  18. 18.
    Chen, Y., Abraham, A., Yang, B.: Feature selection and classification using flexible neural tree. Neurocomputing 70(1–3), 305–313 (2006)CrossRefGoogle Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. 1.Tianjin University of TechnologyTianjinChina

Personalised recommendations