Detecting IT System Intrusions Using Hidden Markov Models

Abstract: In today's day and age, the use and implementation of cyber security software isof the utmost importance. Aiming to dive into the basic algorithms behind these softwareprograms, this paper highlights one of the different approaches that keep us safe online.More specifically, this paper looks at the use of Hidden Markov Models (HMMs) to bothdetect when an intrusion starts as well as classify the type of attack. A comparison analysisis performed in which different HMMs are tested against a baseline algorithm for thedifferent tasks. The study shows that HMMs could achieve a 96,7% accuracy in detectingcyber intrusions and a classification accuracy of almost 100%. This paper also showed thatthe baseline algorithms have a few qualities that make it preferable to HMMs when itcomes to classifying the attack. This paper may be complemented with further analysis inorder to reach a conclusion regarding the actual performance of the algorithms in everydayactivity.