Bayesian Network-Based Approaches for Severe Attack Prediction and Handling IDSs' Reliability

Authors: Karim Tabia, Philippe Leray

DOI: 10.1007/978-3-642-14058-7_65

Keywords:

Abstract: Probabilistic graphical models are very powerful modeling and reasoning tools. In this paper, we propose efficient Bayesian network-based approaches for two major problems in alert correlation, which nowadays plays an important role in computer security infrastructures. While the complementary use of multiple intrusion detection systems (IDSs) is highly recommended to improve overall rates, it inevitably raises huge amounts of alerts, most of them redundant or false alarms. The aim of this work is twofold. Firstly, we propose an approach based on multi-nets that allows taking advantage of local influence relationships in order to predict severe attacks. Secondly, we handle the reliability of IDSs by considering the uncertainty relative to the triggered alerts. Experimental studies carried out on real and recent IDMEF alerts produced by the de facto IDS Snort show significant improvements with respect to standard approaches. More particularly, handling IDSs' reliability significantly reduces the false alarm rate, which represents a crucial development issue.
