DocumentCode :
2749743
Title :
Integrating network misuse and anomaly prevention
Author :
Penya, Y.K. ; Bringas, Pablo G.
Author_Institution :
S3 Lab., Deusto Technol. Found., Bilbao
fYear :
2008
fDate :
13-16 July 2008
Firstpage :
586
Lastpage :
591
Abstract :
Network intrusion detection systems (NIDS) aim at preventing network attacks and unauthorised remote use of computers. More accurately, depending on the kind of attack it targets, a NIDS can be oriented to detect misuses (by defining all possible attacks) or anomalies (by modelling legitimate behaviour to find those that do not fit into that model). Still, since their problem knowledge is restricted to possible attacks, misuse detection fails to notice anomalies and vice versa. Against this background, this paper proposes a third alternative that hybridises misuse and anomaly prevention. In this way, ESIDE-Depian uses a Bayesian network to learn from both anomaly and misuse knowledge in order to be able to detect either kind of attack, known and unknown. Finally, we evaluate ESIDE-Depian against all kinds of menaces to prove to what degree the integration of both approaches has been achieved.
Keywords :
belief networks; security of data; Bayesian network; anomaly prevention; misuse detection; network intrusion detection systems; network misuse; Bayesian methods; Computer networks; Computer security; Computerized monitoring; Detectors; Internet; Intrusion detection; Protection; Telecommunication traffic; Yarn;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Industrial Informatics, 2008. INDIN 2008. 6th IEEE International Conference on
Conference_Location :
Daejeon
ISSN :
1935-4576
Print_ISBN :
978-1-4244-2170-1
Electronic_ISBN :
1935-4576
Type :
conf
DOI :
10.1109/INDIN.2008.4618168
Filename :
4618168