Mitigating Coordinated Call Attacks On VoIP Networks Using Hidden Markov Model

Abstract This paper presents a 2-tier scheme for mitigating coordinated call attacks on VoIP networks. Call interaction pattern was considered using talk and salient periods in a VoIP call conversation. At the first-tier, Short Term Energy algorithm was used for call interaction feature extraction and at the second-tier Hidden Markov Model was used for caller legitimacy recognition. Data of VoIP call conversations were collated and analyzed to extract distinctive features in VoIP call interaction pattern to ascertain the legitimacy of a caller against coordinated call attacker. The performance metrics that was used are; False Error Rate (FER), Specificity, Detection Accuracy and Throughput. Several experiments were conducted to see how effective the mitigating scheme is, as the scheme acts as a proxy server to Session Initiation Protocol (SIP) server. The experiments show that; when the VoIP server is under coordinated call attack without a mitigating scheme only 15.2% of legitimate VoIP users had access to the VoIP network and out of which about half of the legitimate users had their calls dropped before completion, while with the 2-tier mitigating scheme, when the VoIP server is under coordinated call attacks over 90.3% legitimate VoIP callers had their calls through to completion

Download Full-text

AA-HMM: An Anti-Adversarial Hidden Markov Model for Network-Based Intrusion Detection

Applied Sciences ◽

10.3390/app8122421 ◽

2018 ◽

Vol 8 (12) ◽

pp. 2421 ◽

Cited By ~ 1

Author(s):

Chongya Song ◽

Alexander Pons ◽

Kang Yen

Keyword(s):

Markov Model ◽

Hidden Markov Model ◽

Performance Metrics ◽

Hidden Markov ◽

Data Sets ◽

Learning Abilities ◽

Benchmark Data ◽

Malicious Behavior ◽

Network Intrusion ◽

The Common

In the field of network intrusion, malware usually evades anomaly detection by disguising malicious behavior as legitimate access. Therefore, detecting these attacks from network traffic has become a challenge in this an adversarial setting. In this paper, an enhanced Hidden Markov Model, called the Anti-Adversarial Hidden Markov Model (AA-HMM), is proposed to effectively detect evasion pattern, using the Dynamic Window and Threshold techniques to achieve adaptive, anti-adversarial, and online-learning abilities. In addition, a concept called Pattern Entropy is defined and acts as the foundation of AA-HMM. We evaluate the effectiveness of our approach employing two well-known benchmark data sets, NSL-KDD and CTU-13, in terms of the common performance metrics and the algorithm’s adaptation and anti-adversary abilities.

Download Full-text

Detection of contributing object to driving operations based on hidden Markov model

International Journal of Advanced Robotic Systems ◽

10.1177/1729881419876794 ◽

2019 ◽

Vol 16 (5) ◽

pp. 172988141987679

Author(s):

Kohjiro Hashimoto ◽

Tetsuyasu Yamada ◽

Takeshi Tsuchiya ◽

Kae Doki ◽

Yuki Funabora ◽

...

Keyword(s):

Time Series ◽

Markov Model ◽

Hidden Markov Model ◽

Cognitive Performance ◽

Traffic Accidents ◽

Hidden Markov ◽

Model Parameters ◽

Detection Accuracy ◽

Cognitive Support ◽

Object Based

With increase in the number of elderly people in the Japanese society, traffic accidents caused by elderly driver is considered problematic. The primary factor of the traffic accidents is a reduction in their driving cognitive performance. Therefore, a system that supports the cognitive performance of drivers can greatly contribute in preventing accidents. Recently, the development of devices for visually providing information, such as smart glasses or head up display, is in progress. These devices can provide more effective supporting information for cognitive performance. In this article, we focus on the selection problem of information to be presented for drivers to realize the cognitive support system. It has been reported that the presentation of excessive information to a driver reduces the judgment ability of the driver and makes the information less trustworthy. Thus, indiscriminate presentation of information in the vision of the driver is not an effective cognitive support. Therefore, a mechanism for determining the information to be presented to the driver based on the current driving situation is required. In this study, the object that contributes to execution of avoidance driving operation is regarded as the object that drivers must recognize and present for drivers. This object is called as contributing object. In this article, we propose a method that selects contributing objects among the appeared objects on the current driving scene. The proposed method expresses the relation between the time series change of an appeared object and avoidance operation of the driver by a mathematical model. This model can predict execution timing of avoidance driving operation and estimate contributing object based on the prediction result of driving operation. This model named as contributing model consisted of multi-hidden Markov models. Hidden Markov model is time series probabilistic model with high readability. This is because that model parameters express the probabilistic distribution and its statistics. Therefore, the characteristics of contributing model are that it enables the designer to understand the basis for the output decision. In this article, we evaluated detection accuracy of contributing object based on the proposed method, and readability of contributing model through several experiments. According to the results of these experiments, high detection accuracy of contributing object was confirmed. Moreover, it was confirmed that the basis of detected contributing object judgment can be understood from contributing model.

Download Full-text

An Enhanced Hidden Semi-Markov model for Outlier Detection in Multivariate Datasets

10.22541/au.162685414.44316319/v1 ◽

2021 ◽

Author(s):

G Manoharan ◽

K Sivakumar

Keyword(s):

Markov Model ◽

Hidden Markov Model ◽

Outlier Detection ◽

Hidden Markov ◽

Research Work ◽

Detection Accuracy ◽

Detection Techniques ◽

Detection Model ◽

Huge Data ◽

Proposed Model

Outlier detection in data mining is an important arena where detection models are developed to discover the objects that do not confirm the expected behavior. The generation of huge data in real time applications makes the outlier detection process into more crucial and challenging. Traditional detection techniques based on mean and covariance are not suitable to handle large amount of data and the results are affected by outliers. So it is essential to develop an efficient outlier detection model to detect outliers in the large dataset. The objective of this research work is to develop an efficient outlier detection model for multivariate data employing the enhanced Hidden Semi-Markov Model (HSMM). It is an extension of conventional Hidden Markov Model (HMM) where the proposed model allows arbitrary time distribution in its states to detect outliers. Experimental results demonstrate the better performance of proposed model in terms of detection accuracy, detection rate. Compared to conventional Hidden Markov Model based outlier detection the detection accuracy of proposed model is obtained as 98.62% which is significantly better for large multivariate datasets.

Download Full-text

Identifying Intrusion Behaviour using Enhanced Hidden Markov Model

International Journal of Innovative Technology and Exploring Engineering - Special Issue ◽

10.35940/ijitee.f4039.049620 ◽

2020 ◽

Vol 9 (4) ◽

pp. 1618-1623

Keyword(s):

Machine Learning ◽

Intrusion Detection ◽

Markov Model ◽

Hidden Markov Model ◽

Credit Card ◽

Hidden Markov ◽

Network Intrusion Detection ◽

Detection Accuracy ◽

Constant Attention ◽

Network Intrusion

Data Mining is a method for detecting network intrusion detection in networks. It brings ideas from variety of areas including statistics, machine learning and database processes. Decreasing price of digital networking is now economically viable for network intrusion detection. This analysis chiefly examines the system intrusion detection with machine learning and DM methods. To improve the accuracy and efficiency of SHMM, we are collecting multiple observation in SHMM that will be called as Multiple Hidden Markov Model (MHMM). It is used to improve better Detection accuracy compare with SHMM. In the standard Hidden Markov Model, we have observed three fundamental problems are Evaluation and decoding another one is learning problem. The Evaluation problem can be used for word recognition. And the Decoding problem is related to constant attention and also the segmentation. In this Proposed Research, the primary purpose is to model the sequence of observation in Network log and credit card log transactions process using Enhanced Hidden Markov Model (EHMM). And show how it can be used for intrusion detection in Network. In this procedure, an EHMM is primarily trained with the conventional manners of a intruders. If the trained EHMM does not recognize an incoming Intruder transaction with adequately high probability, it is thought to be fraudulent.

Download Full-text

MONITORING FARMLAND LOSS CAUSED BY URBANIZATION IN BEIJING FROM MODIS TIME SERIES USING HIERARCHICAL HIDDEN MARKOV MODEL

ISPRS - International Archives of the Photogrammetry, Remote Sensing and Spatial Information Sciences ◽

10.5194/isprs-archives-xlii-3-2195-2018 ◽

2018 ◽

Vol XLII-3 ◽

pp. 2195-2199

Author(s):

Y. Yuan ◽

Y. Meng ◽

Y. X. Chen ◽

C. Jiang ◽

A. Z. Yue

Keyword(s):

Time Series ◽

Markov Model ◽

Hidden Markov Model ◽

Change Process ◽

Hidden Markov ◽

Satellite Image ◽

Detection Accuracy ◽

Hierarchical Hidden Markov Model ◽

Farmland Loss ◽

Multi Level

In this study, we proposed a method to map urban encroachment onto farmland using satellite image time series (SITS) based on the hierarchical hidden Markov model (HHMM). In this method, the farmland change process is decomposed into three hierarchical levels, i.e., the land cover level, the vegetation phenology level, and the SITS level. Then a three-level HHMM is constructed to model the multi-level semantic structure of farmland change process. Once the HHMM is established, a change from farmland to built-up could be detected by inferring the underlying state sequence that is most likely to generate the input time series. The performance of the method is evaluated on MODIS time series in Beijing. Results on both simulated and real datasets demonstrate that our method improves the change detection accuracy compared with the HMM-based method.

Download Full-text

Visual Saliency and Extended Hidden Markov Model Based Approach for Image Splicing Detection

Applied Mechanics and Materials ◽

10.4028/www.scientific.net/amm.385-386.1466 ◽

2013 ◽

Vol 385-386 ◽

pp. 1466-1469

Author(s):

Xiang Li ◽

Xuan Jing Shen ◽

Ying Da Lv ◽

Hai Peng Chen

Keyword(s):

Markov Model ◽

Hidden Markov Model ◽

Hidden Markov ◽

Visual Saliency ◽

Support Vector ◽

Detection Accuracy ◽

Blind Detection ◽

Image Splicing ◽

Image Splicing Detection ◽

Splicing Detection

In order to improve the detection accuracy of spliced images, a new blind detection based on visual saliency was proposed in this paper. Firstly, create the edge conspicuous map by an improved OSF-based method, and extract fixations by visual attention model. Then locate those fixations on conspicuous edges by conspicuous edge positioning method. Accordingly, key feature fragments can be captured. Secondly, extract Extended Hidden Markov Model features, and reduce their dimension by SVM-RFE. Finally, support vector machine was exploited to classify the authentic and spliced images. The experimental results showed that, when testing on the Columbia image splicing detection dataset, the detection accuracy of the proposed method was 96.68%.

Download Full-text

Abstract 336: A Machine Learning Algorithm for Detecting Pulse During Out-Of-Hospital Cardiac Arrest

Circulation ◽

10.1161/circ.140.suppl_2.336 ◽

2019 ◽

Vol 140 (Suppl_2) ◽

Author(s):

Erik Alonso ◽

Elisabete Aramendi ◽

Unai Irusta ◽

Mohamud R Daya

Keyword(s):

Machine Learning ◽

Cardiac Arrest ◽

Markov Model ◽

Hidden Markov Model ◽

Performance Metrics ◽

Learning Algorithm ◽

Hidden Markov ◽

Pulseless Electrical Activity ◽

Discrete Observation ◽

Hospital Cardiac Arrest

Introduction: Pulse detection during out-of-hospital cardiac arrest (OHCA) is a challenge still not satisfactorily solved. An automated and accurate method for detecting pulse would reduce hands-off intervals and allow for more prompt post-cardiac arrest care. The aim of this study was to develop a method based on machine learning (ML) to detect pulse during OHCA. Materials and methods: Data were gathered from 187 OHCA patients treated by Tualatin Valley Fire & Rescue (Tigard, OR, USA) using the Philips HeartStart MRx monitor/defibrillator between 2010 and 2014. The dataset used in the study contained 1140 5-s epochs presenting organized rhythms, 792 pulse-generating rhythms (PRs) and 348 pulseless electrical activity (PEA), annotated by consensus between two clinicians and a biomedical engineer using the available clinical information and the capnography signal. The dataset was split patient-wise into training (60%) and test (40%) sets. Each epoch contained the ECG and the thoracic impedance that were first preprocessed and then used to adaptively extract the impedance circulation component (ICC). The ICC shows a small fluctuation with each effective heartbeat. A total of 7 well-known waveform features were computed from the ECG and ICC and fed as observations to a discrete observation density hidden Markov model that classified each observation as PR (pulse) or PEA (no-pulse). The training set was used to develop and optimize the method, while the test set was used to measure the performance in terms of sensitivity (PR detection) and specificity (PEA detection). This procedure was repeated 50 times to estimate the distributions of the performance metrics. Results: The method showed a mean (SD) sensitivity and specificity of 95.4%(2.2) and 91.6% (3.4), respectively. Results were slightly above those previously reported by other authors using different ML techniques. Conclusions: A method based on a discrete observation density hidden Markov model can accurately detect pulse during OHCA. Further studies with larger datasets are needed to confirm these findings.

Download Full-text

An Anomaly Intrusion Detection Based on Hidden Markov Model System Call Sequenc

Advanced Materials Research ◽

10.4028/www.scientific.net/amr.225-226.609 ◽

2011 ◽

Vol 225-226 ◽

pp. 609-613

Author(s):

Dong Liang Wang ◽

Zhi Gang Wang

Keyword(s):

Intrusion Detection ◽

Markov Model ◽

Hidden Markov Model ◽

Hidden Markov ◽

Research Progress ◽

Detection Accuracy ◽

System Call ◽

Building Model ◽

Anomaly Intrusion Detection ◽

Call Sequence

To improve detection accuracy, Utilizing HMM (Hidden Markov model) and BW to building model, the detection accuracy improves greatly. First, the research progress of intrusion detection is recalled, then the model based on Markov and BW is presented. An example of using system call trace data which is used in intrusion detection, is given to illustrate the performance of this model. Finally, comparison of detection ability between the above detection method and others is given. It is found that the IDS based on HMM System Call sequence has improve the accuracy greatly.

Download Full-text