Bayesian Based Intrusion Detection System

Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 170)


In this paper intrusion detection using Bayesian probability is discussed. The systems designed are trained a priori using a subset of the KDD dataset. The trained classifier is then tested using a larger subset of KDD dataset. Initially, a system was developed using a naive Bayesian classifier that is used to identify possible intrusions. This classifier was able to detect intrusion with an acceptable detection rate. The classier was then extended to a multi-layer Bayesian based intrusion detection. Finally, we introduce the concept that the best possible intrusion detection system is a layered approach using different techniques in each layer.


Bayesian filter Intrusion detection KDD dataset Multi-layer filters Training engine U2R and R2L attacks 


  1. 1.
    Crothers T (2003) Implementing intrusion detection systems: a hands-on guide for securing the network. Wiley, IndianapolisGoogle Scholar
  2. 2.
    Bace R, Mell P (2001) NIST special publication on intrusion detection systems, National Institute of Standards and TechnologyGoogle Scholar
  3. 3.
    Agarwal R, Joshi M (2000) PNrule: a new framework for learning classifier models in data mining (a case-study in network intrusion detection)Google Scholar
  4. 4.
    Levin I (2000) KDD-99 classifier learning contest LLSoft’s results overview. ACM SIGKDD Explorations I(2):67–75CrossRefGoogle Scholar
  5. 5.
    Grapham P (2004) Hackers and painters: big ideas from the computer age, O’ReillyGoogle Scholar
  6. 6.
    Issac B, Jap W, Sutanto J (2009) Improved bayesian anti-spam filter Iimplementation and analysis on independent spam corpuses. In: international conference on computer engineering and technology, ICCET, Singapore, 2009Google Scholar
  7. 7.
    Alkabani Y, El-Kharashi M, Bedor H (2006) Hardware/software partitioning of a bayesian spam filter via hardware profiling. In: IEEE international symposium on industrial electronics, Canada, 2006Google Scholar
  8. 8.
    Chien J-T, Huang C-H, Shinoda K, Furui S (2006) Towards optimal bayes decision for speech recognition. In: IEEE international conference on acoustics, Speech and Signal Processing, ICASSP, Toulouse, 2006Google Scholar
  9. 9.
    Shi X, Manduchi R (2003) A study on bayes feature fusion for image classification. In: conference on computer vision and pattern recognition workshop, CVPRW, Madison, 2003Google Scholar
  10. 10.
    Kruegel C, Mutz D, Robertson W, Valeur F (2003) Bayesian event classification for intrusion detection. In: 19th annual computer security applications conference (ACSAC), IEEE Computer Society, Las VegasGoogle Scholar
  11. 11.
    Cemerlic A, Yang L, Kizza J (2008) Network intrusion detection based on bayesian networks. In: Proceedings of the twentieth international conference on software engineering and knowledge engineering, SEKE, CA, 2008Google Scholar
  12. 12.
    Mehdi M, Zair A, Anou A, Bensebti M (2007) A bayesian networks in intrusion detection systems. J Comput Sci 3(5):259–265CrossRefGoogle Scholar
  13. 13.
    Darwiche A (2010) Bayesian networks. Commun ACM 53(12):80–90CrossRefGoogle Scholar
  14. 14.
    KDD Cup (1999) Data, 1999. [Online]. Available.
  15. 15.
    Aickelin U, Twycross J, Hesketh-Roberts T (2007) Rule generalization in intrusion detection systems using SNORT. Int J Electron Secur Digit Forensics 1(1):101–116CrossRefGoogle Scholar
  16. 16.
    Lee W, SSJ, Mok K (1999) A data mining framework for building intrusion detection models. In: Proceedings of the 1999 IEEE symposium on security and privacy, OaklandGoogle Scholar
  17. 17.
    Chou TS (2007) Ensemble fuzzy belief intrusion detection design, Florida International University, Paper AAI3299199Google Scholar
  18. 18.
    Altwaijry H, Algarni S (2012) Bayesian based intrusion detection system. CCIS J, 1:1–6Google Scholar
  19. 19.
    Altwaijry H, Algarny S (2011) Multi-layer bayesian based intrusion detection system. In: Lecture notes in engineering and computer science: proceedings of the world congress on engineering and computer science, WCECS 2011, San Francisco, 19-21 October, pp 918–922Google Scholar
  20. 20.
    Snort—Homepage, [Online]. Available.

Copyright information

© Springer Science+Business Media Dordrecht 2013

Authors and Affiliations

  1. 1.Computer Engineering DepartmentKing Saud UniversityRiyadhSaudi Arabia

Personalised recommendations