A Hidden Markov Model approach to synthetic trace generation

Speaker: Anna Sperotto

Date: 13 November 2009

Time: 12:30

Room: Zi-5126

Abstract:

Design and evaluation of Intrusion Detection Systems implicitly rely on the availability of data whose benign or malicious nature is known with certainty. In other words, scientists are looking for the "ground truth". However, creating such a data set is a time-consuming and demanding operation, even more so if we aim to work with flow data.

In this talk, we present an approach to the synthetic creation of data sets, in the particular case of flow-based time series generation. The approach is based on Hidden Markov Models and our case study is SSH traffic.