Causal Discovery and Reasoning for Intrusion Detection using Bayesian Network

technology world today; confidentiality, availability and integrity of data are the aspects concerned. Firewalls have been widely deployed as a protection, but they are no longer adequate against intelligent intrusions and attacks, which keep changing and transforming. This paper introduces a network intrusion detection and analysis system to address the problems of data confidentiality, availability and integrity. The challenges of the study are, first, to model the network intrusion detection domain and, second, to perform causal reasoning for intrusion detection and analysis based on the domain model constructed earlier. In this paper, a methodology is proposed to resolve these two problems. Both are addressed under a causal knowledge-driven approach, where intrusion detection is viewed as fault diagnosis and prognosis processes. We propose a Bayesian network for modeling the network intrusion domain, and apply the powerful reasoning capabilities of Bayesian networks to discover intrusion attacks. Since the capabilities of causal reasoning using Bayesian networks have not been fully explored in the domain of intrusion detection by most researchers, this research work aims to bridge the gap. From the results of the experiment, we conclude that the capability of Bayesian learning is reasonably accurate and efficient.
