Anomaly-Based Intrusion Detection Using Bayesian Networks

Abstract

This paper presents an application of Bayesian networks to the process of intrusion detection in computer networks. The presented system, called Basset (Bayesian system for intrusion detection) extends functionality of Snort, an open-source NIDS, by incorporating Bayesian networks as additional processing stages. The flexible nature of this solution allows it to be used both for misuse-based and anomaly-based detection process; this paper concentrates on the anomaly-based detection. The ultimate goal is to create a hybrid, misuse anomaly based solution that will allow interaction between these two techniques of intrusion detection. Ability to alter its behaviour based on historical data is also an important feature of the described system.