• DocumentCode
    2918418
  • Title

    A Framework for an Adaptive Intrusion Detection System using Bayesian Network

  • Author

    Jemili, Farah ; Zaghdoud, Montaceur ; Ben Ahmed, M.

  • Author_Institution
    Manouba Univ., Manouba
  • fYear
    2007
  • fDate
    23-24 May 2007
  • Firstpage
    66
  • Lastpage
    70
  • Abstract
    The goal of a network-based intrusion detection system (IDS) is to identify malicious behavior that targets a network and its resources. Intrusion detection parameters are numerous, and in many cases they present uncertain and imprecise causal relationships which can affect attack types. A Bayesian Network (BN) is known as a graphical modeling tool used to model decision problems containing uncertainty. In this paper, a BN is used to build an automatic intrusion detection system based on signature recognition. The goal is to recognize signatures of known attacks, match the observed behavior with those known signatures, and signal an intrusion when there is a match. A major difficulty of this system is that intrusion signatures change over time and the system must be retrained. An IDS must be able to adapt to these changes. The goal of this paper is to provide a framework for an adaptive intrusion detection system that uses a Bayesian network.
  • Keywords
    belief networks; computer networks; digital signatures; pattern matching; telecommunication security; Bayesian network; adaptive intrusion detection system; computer network; graphical modeling tool; malicious behavior; pattern matching; signature recognition; Adaptive systems; Bayesian methods; Computer networks; Intrusion detection; Laboratories; Operating systems; Protection; TCPIP; Telecommunication traffic; Traffic control; Adaptive intrusion detection; bayesian network; inference; learning algorithm; learning dataset;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Intelligence and Security Informatics, 2007 IEEE
  • Conference_Location
    New Brunswick, NJ
  • Electronic_ISBN
    1-4244-1329-X
  • Type

    conf

  • DOI
    10.1109/ISI.2007.379535
  • Filename
    4258675