DocumentCode :
3081162
Title :
Optimal Bayesian network design for efficient Intrusion Detection
Author :
Ruiz-Agundez, Igor ; Penya, Yoseba K. ; Bringas, Pablo Garcia
Author_Institution :
DeustoTech, Univ. of Deusto, Bilbao, Spain
fYear :
2010
fDate :
13-15 May 2010
Firstpage :
444
Lastpage :
451
Abstract :
Computer networks are nowadays subject to an increasing number of attacks. Intrusion Detection Systems (IDS) are designed to protect them by identifying malicious behaviours or improper uses. Since the scope is different in each case (register already-known menaces to later recognise them or model legitimate uses to trigger when a variation is detected), IDS have failed so far to respond against both kinds of attacks. Lately, Bayesian networks (BN) have provided an innovative solution to fill this gap by integrating both domains within a common knowledge representation model. Still, the huge computational effort that has to be invested in the BN with such knowledge model makes them not feasible and not practical for real-world scenarios. Against this background, we propose the use of expert knowledge to enhance and optimise the design of the IDS, shortening subsequently the training process. This expert knowledge is represented as a set of hypotheses that must be verified to justify their utility. In this way, we have tested our approach with several samples of data showing that all the hypotheses assumed were true and, therefore, that the proposed methodology to trim down the design and training processes yields an optimal Bayesian network for Intrusion Detection.
Keywords :
authorisation; belief networks; computer network security; expert systems; training; Bayesian network design; computer network attacks; expert knowledge; hypotheses; intrusion detection systems; knowledge representation model; malicious behaviours; training process; Bayesian methods; Computer networks; Computer security; IP networks; Intrusion detection; Knowledge representation; Process design; Protection; Registers; Testing; Artificial intelligence; Bayesian networks; Cyber security; Intrusion Detection Systems;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Human System Interactions (HSI), 2010 3rd Conference on
Conference_Location :
Rzeszow
Print_ISBN :
978-1-4244-7560-5
Type :
conf
DOI :
10.1109/HSI.2010.5514530
Filename :
5514530