Network-Based Anomaly Intrusion Detection Improvement by Bayesian Network and Indirect Relation

  • ByungRae Cha
  • DongSeob Lee
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4693)


In this paper, a network-based anomaly intrusion detection method using Bayesian networks estimates the probability values of behavior contexts based on Bayes' theory and indirect relation. The contexts of the network-based FTP service are represented as Bayesian networks in graphical form. We concisely profile network-based FTP behaviors using behavior contexts described by prior, posterior and indirect relations. The method can also visualize the behavior profile in order to detect and analyze anomalous behavior. We perform a simulation that translates network audit data into a Bayesian network, which serves as the network-based behavior profile for anomaly detection.


Bayesian Network; Packet Data; Intrusion Detection; Anomaly Detection; Intrusion Detection System
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • ByungRae Cha (1)
  • DongSeob Lee (2)
  1. Dept. of Computer Eng., Honam Univ., Korea
  2. Dept. of Information & Communication Eng., Honam Univ., Korea
