• DocumentCode
    2450762
  • Title
    A Naive Bayes Approach for Detecting Coordinated Attacks
  • Author
    Benferhat, Salem ; Kenaza, Tayeb ; Mokhtari, Aicha
  • Author_Institution
    CNRS, Univ. d'Artois, Lens
  • fYear
    2008
  • fDate
    July 28 2008-Aug. 1 2008
  • Firstpage
    704
  • Lastpage
    709
  • Abstract
    Alert correlation is a very useful mechanism to reduce the high volume of reported alerts and to detect complex and coordinated attacks. Existing approaches either require a large amount of expert knowledge or use simple similarity measures that prevent detecting complex attacks. They also suffer from high computational issues due, for instance, to a high number of possible scenarios. In this paper, we propose a Naive Bayes approach to alert correlation. Our modeling only needs a small part of expert knowledge. It takes advantage of available historical data, and provides efficient algorithms for detecting and predicting the most plausible scenarios. Our approach is illustrated using the well-known DARPA 2000 data set.
  • Keywords
    expert systems; security of data; DARPA 2000 data set; Naive Bayes approach; coordinated attacks; expert knowledge; Application software; Bayesian methods; Computer applications; Correlation; Intrusion detection; Lenses; Telecommunication traffic; Time measurement; Traffic control; Volume measurement; Bayesian networks; IDS; coordinated attacks;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Software and Applications, 2008. COMPSAC '08. 32nd Annual IEEE International
  • Conference_Location
    Turku
  • ISSN
    0730-3157
  • Print_ISBN
    978-0-7695-3262-2
  • Electronic_ISBN
    0730-3157
  • Type
    conf
  • DOI
    10.1109/COMPSAC.2008.213
  • Filename
    4591651