Evidential reasoning in network intrusion detection systems
Intrusion Detection Systems (IDS) have previously been built by hand. These systems have difficulty successfully classifying intruders and require a significant amount of computational overhead, making it difficult to create robust real-time IDS systems. Artificial Intelligence techniques can reduce the human effort required to build these systems and can improve their performance. AI has recently been used in Intrusion Detection (ID) for anomaly detection, data reduction, and induction, or discovery, of rules explaining audit data. This paper proposes the application of evidential reasoning for dealing with uncertainty in Intrusion Detection Systems. We show how dealing with uncertainty can allow the system to detect abnormality in user behavior more efficiently.