Network-Based Anomaly Intrusion Detection Improvement by Bayesian Network and Indirect Relation
In this paper, a network-based anomaly intrusion detection method using Bayesian networks estimates the probability values of behavior contexts based on Bayes' theory and indirect relation. The contexts of the network-based FTP service are represented as Bayesian networks in graph form. We concisely profile network-based FTP behaviors using behavior contexts defined by prior, posterior, and indirect relations. This method makes it possible to visualize the behavior profile in order to detect and analyze anomalous behavior. We carry out a simulation that translates network audit data into a Bayesian network, which serves as the network-based behavior profile for anomaly detection.
Keywords: Bayesian Network, Packet Data, Intrusion Detection, Anomaly Detection, Intrusion Detection System