A continuous time bayesian network approach for intrusion detection
作者: Christian R. Shelton , Jing Xu
DOI:
关键词:
摘要: Network attacks on computers have become a fact of life for network administrators. Detecting accurately is important to limit their scope and destruction. Intrusion detection systems (IDSs) fall into two high-level categories: network-based (NIDS) that monitor behaviors, host-based (HIDS) system calls. In this work, we present general technique both systems. We consider the problem detecting intrusions host level. We use anomaly detection, which identifies patterns not conforming historic norm. Our approach does require expensive labeling or prior exposure attack type. types systems, rates change vary dramatically over time (due burstiness) components service difference). To efficiently model such continuous Bayesian networks (CTBNs) avoid specifying fixed interval. build generative models from non-attack data, flag future event sequences whose likelihood under norm below threshold. As NIDS, our method differs previous approaches in explicitly modeling temporal dependencies traffic. are therefore more sensitive subtle variations events. first construct factored CTBN packet traces. simple extensions CTBNs allow instantaneous events do result state changes, simultaneous transitions variables. then extend connected one. it hierarchical way Rao-Blackwellized particle filtering inference. illustrate power through experiments real worms identifying hosts publicly available traces, MAWI dataset LBNL dataset. For HIDS, develop novel learning deal with finite resolution log file stamps, without losing benefits model. demonstrate by DARPA 1998 BSM dataset.
参考文章(44)
Gaurav Tandon, Philip K. Chan, Learning Useful System Call Attributes for Anomaly Detection. the florida ai research society. pp. 405- 411 ,(2005)
Yihua Liao, V. Rao Vemuri, Wenjie Hu, Robust Support Vector Machines for Anomaly Detection in Computer Security. international conference on machine learning and applications. pp. 168- 174 ,(2003)
Uri Nodelman, Suchi Saria, Daphne Koller, Reasoning at the right time granularity uncertainty in artificial intelligence. pp. 326- 334 ,(2007)
Richard Dearden, Avi Pfeffer, Brenda Ng, Continuous time particle filtering international joint conference on artificial intelligence. pp. 1360- 1365 ,(2005)
Levent Ertöz, Aleksandar Lazarevic, Vipin Kumar, Jaideep Srivastava, Aysel Ozgur, A Comparative Study of Anomaly Detection Schemes in Network Intrusion Detection. siam international conference on data mining. pp. 25- 36 ,(2003)
John Mark Agosta, Jaideep Chandrashekar, Carlos Diuk-Wasser, Carl Livadas, An adaptive anomaly detector for worm detection usenix workshop on tackling computer systems problems with machine learning techniques. pp. 3- ,(2007)
Raz Kupferman, Nir Friedman, Tal El-Hay, Gibbs sampling in factorized continuous-time Markov processes uncertainty in artificial intelligence. pp. 169- 178 ,(2008)
Daniel S. Weld, Henry Kautz, Karthik Gopalratnam, Extending continuous time Bayesian networks national conference on artificial intelligence. pp. 981- 986 ,(2005)
Jing Xu, Christian R. Shelton, Continuous Time Bayesian Networks for Host Level Network Intrusion Detection european conference on machine learning. pp. 613- 627 ,(2008) , 10.1007/978-3-540-87481-2_40
Eleazar Eskin, Anomaly Detection over Noisy Data using Learned Probability Distributions international conference on machine learning. pp. 255- 262 ,(2000) , 10.7916/D8C53SKF