DocumentCode :
2450762
Title :
A Naive Bayes Approach for Detecting Coordinated Attacks
Author :
Benferhat, Salem ; Kenaza, Tayeb ; Mokhtari, Aicha
Author_Institution :
CNRS, Univ. d'Artois, Lens
fYear :
2008
fDate :
July 28 2008-Aug. 1 2008
Firstpage :
704
Lastpage :
709
Abstract :
Alert correlation is a very useful mechanism to reduce the high volume of reported alerts and to detect complex and coordinated attacks. Existing approaches either require a large amount of expert knowledge or use simple similarity measures that prevent the detection of complex attacks. They also suffer from high computational cost, due for instance to the large number of possible scenarios. In this paper, we propose a Naive Bayes approach to alert correlation. Our modeling needs only a small amount of expert knowledge. It takes advantage of available historical data, and provides efficient algorithms for detecting and predicting the most plausible scenarios. Our approach is illustrated using the well-known DARPA 2000 data set.
Keywords :
expert systems; security of data; DARPA 2000 data set; Naive Bayes approach; coordinated attacks; expert knowledge; Application software; Bayesian methods; Computer applications; Correlation; Intrusion detection; Lenses; Telecommunication traffic; Time measurement; Traffic control; Volume measurement; Bayesian networks; IDS; coordinated attacks;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer Software and Applications, 2008. COMPSAC '08. 32nd Annual IEEE International
Conference_Location :
Turku
ISSN :
0730-3157
Print_ISBN :
978-0-7695-3262-2
Electronic_ISBN :
0730-3157
Type :
conf
DOI :
10.1109/COMPSAC.2008.213
Filename :
4591651