Authors: Huijuan Lu, Jianguo Chen, Wei Wei
Published in: 2008 International Symposium on Electronic Commerce and Security (publication date 2008-08-03)
DOI: 10.1109/ISECS.2008.178 (https://doi.org/10.1109/ISECS.2008.178)
Citation count: 10 (source: Semanticscholar)
Two Stratum Bayesian Network Based Anomaly Detection Model for Intrusion Detection System
An intrusion detection system (IDS) attempts to identify attacks by comparing collected data to predefined signatures known to be malicious (signature-based IDS) or to a model of legal behaviour (anomaly-based IDS). Anomaly-based approaches have the advantage of being able to detect previously unknown attacks, but they suffer from the difficulty of building robust models of acceptable behaviour, which may result in a large number of false alarms. There are two reasons for the large number of false alarms caused by incorrect classification of events in current systems. One is the simplistic aggregation of model outputs in the decision phase. The other is the lack of integration of additional information into the decision process. To mitigate these shortcomings, this paper proposes a two-stratum Bayesian network based anomaly detection and decision model for intrusion detection systems. Bayesian networks improve the aggregation of outputs, such as empirical data, and allow one to seamlessly incorporate additional information. Experimental results clearly demonstrate the efficiency of our approach in improving the accuracy of the intrusion detection and decision process in an anomaly-based IDS.