论文信息 - A BAYESIAN CLASSIFICATION MODEL FOR REAL TIME COMPUTER NETWORK INTRUSION DETECTION SYSTEMS

A BAYESIAN CLASSIFICATION MODEL FOR REAL TIME COMPUTER NETWORK INTRUSION DETECTION SYSTEMS

Intrusion detection systems (IDSs) attempt to identify attacks by comparing collected data to predefined signatures known to be malicious (misuse-based IDSs) or to a model of legal behaviour (anomaly-based IDSs). In this paper we present a new design of an anomaly IDS. Design and development of the IDS are considered in three main steps: normal behaviour construction, anomaly- based detection intrusion and model upgrading. A parametrical mixture model is used for behaviour modelling from reference data and the associated Bayesian classification. Real-time requirements are presented as well as detection and upgrade algorithms for the special case of Gaussian parametrical model and are evaluated with respect to their real-time features.

A. Anou | Mustapha Djebari | Messaoud Bensebti | M. Mehdi

[1] Benjamin Morin,et al. Flexible Intrusion Detection Using Variable-Length Behavior Modeling in Distributed Environment: Application to CORBA Objects , 2000, Recent Advances in Intrusion Detection.

[2] Peter C. Cheeseman,et al. Bayesian Classification (AutoClass): Theory and Results , 1996, Advances in Knowledge Discovery and Data Mining.

[3] Haiyun Luo,et al. Self-securing ad hoc wireless networks , 2002, Proceedings ISCC 2002 Seventh International Symposium on Computers and Communications.

[4] Zakia Marrakchi. Détection d'intrusions comportementale dans les systèmes à objets répartis : modélisation des séquences de requêtes et de la répartition de leurs paramètres , 2002 .

[5] Richard A. Johnson,et al. Applied Multivariate Statistical Analysis , 1983 .

[6] Christopher Krügel,et al. Flexible, Mobile Agent Based Intrusion Detection for Dynamic Networks , 2001 .

[7] Marc Dacier,et al. A revised taxonomy for intrusion-detection systems , 2000, Ann. des Télécommunications.