This paper reports the results of a system that performs network anomaly detection through the use of Hidden Markov Models (HMMs). The HMMs used to detect anomalies are designed and trained using Genetic Algorithms (GAs). The use of GAs helps automating the use of HMMs, by liberating users from the need of statistical knowledge, assumed by software that trains HMMs from data. The number of states, connections and weights, and probability distributions of states are determined by the GA. Results are compared to those obtained with the Baum-Welch algorithm, proving that in all cases that we tested GA outperforms Baum-Welch. The best of the evolved HMMs was used to perform anomaly detection in network traffic activity with real data.
展开▼