Misuse-Based Intrusion Detection Using Bayesian Networks

This paper presents an application of Bayesian networks to intrusion detection in computer networks. The presented system, called Basset (Bayesian system for intrusion detection), extends the functionality of Snort, an open-source NIDS, by incorporating Bayesian networks as additional processing stages. The flexible nature of this solution allows it to be used for both misuse-based and anomaly-based detection; this paper concentrates on misuse-based detection. The ultimate goal is to provide better detection capabilities and a lower chance of false alarms by creating a platform capable of evaluating Snort alerts in a broader context: other alerts and network traffic in general. The ability to include on-demand information from third-party programs is also an important feature of the presented approach to intrusion detection.
