Work done done under Prof. Dr. Faruk Kazi.

For modelling the behavioural aspect of an attacker actions, we propose a novel semi-supervised algorithm called Fusion Hidden Markov Model (FHMM) which is more robust to noise, requires comparatively less training time, and utilizes the benefits of ensemble learning to better model temporal relationships in data. This paper evaluates the performances of FHMM and compares it with both traditional algorithms like Markov Chain, Hidden Markov Model (HMM) and recently developed Deep Recurrent Neural Network (Deep RNN) architectures. We conduct the experiments on dataset consisting of real data attacks on a Cowrie honeypot system. FHMM provides accuracy comparable to deep RNN architectures at significant lower training time.

Important Links

Attacker Behaviour Profiling using Stochastic Ensemble of Hidden Markov Models
Markov Chain and HMMs - Stanford