Misuse-Based Intrusion Detection Using Bayesian Networks

Author

Tylman, Wojciech

Author_Institution

Wroclaw Univ. of Technol., Warsaw

fYear

2008

fDate

26-28 June 2008

Firstpage

203

Lastpage

210

Abstract

This paper presents an application of Bayesian networks to the process of intrusion detection in computer networks. The presented system, called Basset (Bayesian system for intrusion detection) extends functionality of Snort, an open-source NIDS, by incorporating Bayesian networks as additional processing stages. The flexible nature of this solution allows it to be used both for misuse-based and anomaly-based detection process; this paper concentrates on the misuse-based detection. The ultimate goal is to provide better detection capabilities and less chance of false alarms by creating a platform capable of evaluating Snort alerts in a broader context - other alerts and network traffic in general. An ability to include on-demand information from third party programs is also an important feature of the presented approach to intrusion detection.

Keywords

belief networks; computer networks; public domain software; security of data; Bayesian networks; anomaly-based detection process; computer networks; misuse-based intrusion detection; network traffic; ondemand information; open-source NIDS; Application software; Artificial intelligence; Bayesian methods; Computer networks; Fingerprint recognition; Humans; Intrusion detection; Open source software; Payloads; Telecommunication traffic; Bayesian networks; intrusion detection; misuse detection;

fLanguage

English

Publisher

ieee

Conference_Titel

Dependability of Computer Systems, 2008. DepCos-RELCOMEX '08. Third International Conference on

Conference_Location

Szklarska Poreba

Print_ISBN

978-0-7695-3179-3

Type

conf

DOI

10.1109/DepCoS-RELCOMEX.2008.48

Filename

4573058