{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,14]],"date-time":"2026-02-14T02:16:07Z","timestamp":1771035367083,"version":"3.50.1"},"reference-count":32,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2018,12,25]],"date-time":"2018-12-25T00:00:00Z","timestamp":1545696000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["MAKE"],"abstract":"<jats:p>The all IP nature of the next generation (5G) networks is going to open a lot of doors for new vulnerabilities which are going to be challenging in preventing the risk associated with them. Majority of these vulnerabilities might be impossible to detect with simple networking traffic monitoring tools. Intrusion Detection Systems (IDS) which rely on machine learning and artificial intelligence can significantly improve network defense against intruders. This technology can be trained to learn and identify uncommon patterns in massive volume of traffic and notify, using such as alert flags, system administrators for additional investigation. This paper proposes an IDS design which makes use of machine learning algorithms such as Hidden Markov Model (HMM) using a multi-layer approach. This approach has been developed and verified to resolve the common flaws in the application of HMM to IDS commonly referred as the curse of dimensionality. It factors a huge problem of immense dimensionality to a discrete set of manageable and reliable elements. The multi-layer approach can be expanded beyond 2 layers to capture multi-phase attacks over longer spans of time. A pyramid of HMMs can resolve disparate digital events and signatures across protocols and platforms to actionable information where lower layers identify discrete events (such as network scan) and higher layers new states which are the result of multi-phase events of the lower layers. The concepts of this novel approach have been developed but the full potential has not been demonstrated.<\/jats:p>","DOI":"10.3390\/make1010017","type":"journal-article","created":{"date-parts":[[2018,12,26]],"date-time":"2018-12-26T04:29:54Z","timestamp":1545798594000},"page":"265-286","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":25,"title":["Multi-Layer Hidden Markov Model Based Intrusion Detection System"],"prefix":"10.3390","volume":"1","author":[{"given":"Wondimu K.","family":"Zegeye","sequence":"first","affiliation":[{"name":"Department of Electrical and Computer Engineering, Morgan State University, Baltimore, MD 21251, USA"}]},{"given":"Richard A.","family":"Dean","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, Morgan State University, Baltimore, MD 21251, USA"}]},{"given":"Farzad","family":"Moazzami","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, Morgan State University, Baltimore, MD 21251, USA"}]}],"member":"1968","published-online":{"date-parts":[[2018,12,25]]},"reference":[{"key":"ref_1","unstructured":"Bace, R., and Mell, P. (2018, July 07). Intrusion Detection Systems, NIST Special Publication 800-31, Available online: https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-31\/archive\/2001-11-01."},{"key":"ref_2","unstructured":"Brown, D.J., Bill Suckow, B., and Wang, T. A Survey of Intrusion Detection Systems, Department of Computer Science, University of California. Available online: http:\/\/citeseerx.ist.psu.edu\/viewdoc\/download?doi=10.1.1.87.408&rep=rep1&type=pdf."},{"key":"ref_3","unstructured":"(2018, July 14). Cisco 2018 Annual Cybersecurity Report. Available online: https:\/\/www.cisco.com\/c\/en\/us\/products\/security\/security-reports.html."},{"key":"ref_4","unstructured":"Johns Hopkins University (2004). HMM Profiles for Network Traffic Classification (Extended Abstract). Towards Better Protocol Identification Using Profile HMMs, Johns Hopkins University. JHU Technical Report, JHU-SPAR051201."},{"key":"ref_5","unstructured":"Zegeye, W.K., Moazzami, F., and Richard Dean, R.A. (2018, January 5\u20138). Design of Intrusion Detection System (IDS) Using Hidden Markov Model (HMM). Proceedings of the International Telemetering Conference, Glendale, AZ, USA."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Ourston, D., Matzner, S., Stump, W., and Hopkins, B. (2003, January 6\u20139). Applications of Hidden Markov Models to Detecting Multi-stage Network Attacks. Proceedings of the 36th Hawaii International Conference on System Sciences, Big Island, HI, USA.","DOI":"10.1109\/HICSS.2003.1174909"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Shawly, T., Elghariani, A., Kobes, J., and Ghafoor, A. (arXiv, 2018). Architectures for Detecting Real-time Multiple Multi-stage Network Attacks Using Hidden Markov Model. Cryptography and Security (cs.CR), arXiv.","DOI":"10.1109\/TDSC.2019.2948623"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"487","DOI":"10.2307\/2171751","article-title":"Using Randomization to Break the Curse of Dimensionality","volume":"65","author":"Rust","year":"1997","journal-title":"Econometrica"},{"key":"ref_9","unstructured":"Cherki, D. (2002). Decomposition des Problemes de Decision Markoviens. [Ph.D. Thesis, Faculty of Science Rabat]."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Amjad, M., Tobi, A., and Duncan, I. (2018). KDD 1999 generation faults: A review and analysis. J. Cyber Secur. Technol.","DOI":"10.1080\/23742917.2018.1518061"},{"key":"ref_11","unstructured":"Hindy, H., Brosset, D., Bayne, E., Seeam, A., Tachtatzis, C., Atkinson, R., and Bellekens, X. (arXiv, 2018). A Taxonomy and Survey of Intrusion Detection System Design Techniques, Network Threats and Datasets, arXiv."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Sharafaldin, I., Lashkari, A.A., and Ghorbani, A.A. (2018, January 22\u201324). Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization. Proceedings of the 4th International Conference on Information Systems Security and Privacy (ICISSP), INSTICC, Funchal, Portugal.","DOI":"10.5220\/0006639801080116"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Sharafaldin, I., Gharib, A., Lashkari, A., and Ghorbani, A.A. (2017). Towards a reliable intrusion detection benchmark dataset. Softw. Netw., 177\u2013200.","DOI":"10.13052\/jsn2445-9739.2017.009"},{"key":"ref_14","unstructured":"CIC (2017). CICFlowMeter (2017), Canadian Institute for Cybersecurity (CIC)."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Manhart, K. (1996). Artificial Intelligence Modelling: Data Driven and Theory Driven Approaches. Social Science Micro Simulation (Dagstuhl Seminar, May, 1995), Springer.","DOI":"10.1007\/978-3-662-03261-9_19"},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"471","DOI":"10.1016\/j.jbi.2012.01.002","article-title":"A hybrid knowledge-based and data-driven approach to identifying semantically similar concepts","volume":"45","author":"Pivovarov","year":"2012","journal-title":"J. Biomed. Inform."},{"key":"ref_17","unstructured":"Gelsema, E.S., and Kanal, L.N. (1980). A critical evaluation of intrinsic dimensionality algorithms. Pattern Recognition in Practice (North-Holland Amsterdam), North-Holland Pub."},{"key":"ref_18","unstructured":"Smith, L. A tutorial on Principal Components Analysis. Technical Report OUCS-2002-12, Department of Computer Science, University of Otago. Available online: http:\/\/www.cs.otago.ac.nz\/research\/publications\/OUCS-2002-12.pdf."},{"key":"ref_19","unstructured":"Shlens, J. (2014). A Tutorial on Principal Component Analysis, Google Research. Version 3.02."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"245","DOI":"10.1207\/s15327906mbr0102_10","article-title":"The scree test for the number of factors","volume":"1","author":"Cattell","year":"1966","journal-title":"Multivar. Behav. Res."},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"141","DOI":"10.1177\/001316446002000116","article-title":"The application of electronic computers to factor analysis","volume":"20","author":"Kaiser","year":"1960","journal-title":"Educ. Psychol. Meas."},{"key":"ref_22","unstructured":"McCune, B., Grace, J.B., and Urban, D.L. (2002). Analysis of Ecological Communities, MjM Software Design."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"129","DOI":"10.1109\/TIT.1982.1056489","article-title":"Least squares quantization in pcm","volume":"28","author":"Stuart","year":"1982","journal-title":"IEEE Trans. Inf. Theory"},{"key":"ref_24","unstructured":"Alpaydin, E. (2004). Introduction to Machine Learning, MIT Press."},{"key":"ref_25","unstructured":"Ng, A. (2018, September 14). The K-Means Clustering Algorithm. CS229: Machine Learning. Available online: http:\/\/cs229.stanford.edu\/notes\/cs229-notes7a.pdf."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"4","DOI":"10.1109\/MASSP.1986.1165342","article-title":"An Introduction to hidden Markov Models","volume":"3","author":"Rabiner","year":"1986","journal-title":"IEEE ASSP Mag."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"257","DOI":"10.1109\/5.18626","article-title":"A tutorial on hidden Markov Models and selected applications in speech recognition","volume":"77","author":"Rabiner","year":"1989","journal-title":"Proc. IEEE"},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"1554","DOI":"10.1214\/aoms\/1177699147","article-title":"Statistical inference for probabilistic functions of finite state Markov Chains","volume":"37","author":"Baum","year":"1966","journal-title":"Ann. Math. Stat."},{"key":"ref_29","unstructured":"Bilmes, J. (1997). A Gentle Tutorial on EM Algorithm and Its Application to Parameter Estimation for Gasussian Mixture and Hidden Markov Models, International Computer Science Institute."},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"621","DOI":"10.1109\/TIFS.2017.2762828","article-title":"Deep Abstraction and Weighted Feature Selection for Wi-Fi Impersonation Detection","volume":"13","author":"Aminanto","year":"2018","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_31","unstructured":"Atli, B. (2017). Anomaly-Based Intrusion Detection by Modeling Probability Distributions of Flow Characteristics. [Ph.D. Thesis, Aalto University]. Available online: http:\/\/urn.fi\/URN:NBN:fi:aalto-201710307348."},{"key":"ref_32","unstructured":"Hodo, E., Bellekens, X., Hamilton, A., Tachtatzis, C., and Atkinson, R. (arXiv, 2017). Shallow and deep networks intrusion detection system: A taxonomy and survey, arXiv."}],"container-title":["Machine Learning and Knowledge Extraction"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2504-4990\/1\/1\/17\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T15:36:06Z","timestamp":1760196966000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2504-4990\/1\/1\/17"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,12,25]]},"references-count":32,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2019,3]]}},"alternative-id":["make1010017"],"URL":"https:\/\/doi.org\/10.3390\/make1010017","relation":{},"ISSN":["2504-4990"],"issn-type":[{"value":"2504-4990","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,12,25]]}}}