This paper presents an application of Bayesian networks for network intrusion detection. The described system, named Basset, utilises this technique to enhance the process of misuse-based detection implemented in Snort system. The paper presents the structure of the proposed solution, the role of the Bayesian networks in the detection process and the application of the system to the detection of a real-world attack – an exploitation of a vulnerability in a web browser.


Bayesian networks network intrusion detection Snort Metasploit Framework 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Snort Homepage,
  2. 2.
    Cowell, R., Dawid, P., Lauritzen, S., Spiegelhalter, D.: Probabilistic Networks and Expert Systems. Springer, New York (1999)zbMATHGoogle Scholar
  3. 3.
    Neapolitan, R.: Learning Bayesian Networks. Pearson Prentice Hall, Upper Saddle River (2004)Google Scholar
  4. 4.
    Pearl, J.: Probabilistic Reasoning in Intelligent Systems: Networks of Plausible Inference. Morgan Kaufmann Publishers, San Mateo (1988)zbMATHGoogle Scholar
  5. 5.
    Tylman, W.: Misuse-Based Intrusion Detection Using Bayesian Networks. In: Proceedings of 3rd International Conference on Dependability of Computer Systems, pp. 203–210. IEEE Computer Society, Los Alamitos (2008)Google Scholar
  6. 6.
    Metasploit Framework Homepage,
  7. 7.
    Mahoney, M.V., Chan, P.K.: An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation Data for Network Anomaly Detection. In: Vigna, G., Krügel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol. 2820, pp. 220–237. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. 8.
    Brugger, S.T., Chow, J.: An Assessment of the DARPA IDS Evaluation Dataset Using Snort. Technical Report, UC Davis (2007)Google Scholar
  9. 9.
    Bugtraq Webpage for the WebViewFolderIcon ActiveX Buffer Overflow Vulnerability,
  10. 10.
    Jemili, F., Zaghdoud, M., Ben Ahmed, M.: A Framework for an Adaptive Intrusion Detection System Using Bayesian Network. In: Proceedings of the IEEE International Conference on Intelligence and Security Informatics, pp. 66–70. IEEE, Piscataway (2007)Google Scholar
  11. 11.
    Liu, T., Qi, A., Hou, Y., Chang, X.: Method for Network Anomaly Detection Based on Bayesian Statistical Model with Time Slicing. In: Proceedings of the 7th World Congress on Intelligent Control and Automation, pp. 3881–3885. IEEE, Piscataway (2007)Google Scholar
  12. 12.
    Bringas, P.G.: Intensive Use of Bayesian Belief Networks for the Unified, Flexible and Adaptable Analysis of Misuses and Anomalies in Network Intrusion Detection and Prevention Systems. In: Proceedings of the 18th International Workshop on Database and Expert Systems Applications, pp. 365–371. IEEE Computer Society, Los Alamitos (2007)Google Scholar
  13. 13.
    Khor, K.C., Ting, C.Y., Phon-Amnuaisuk, S.: A Probabilistic Approach for Network Intrusion Detection. In: Proceedings of the Second Asia International Conference on Modelling and Simulation, pp. 463–468. IEEE Press, New York (2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Wojciech Tylman
    • 1
  1. 1.Wroclaw University of TechnologyWroclawPoland

Personalised recommendations