{"title":"Anomaly-Based Intrusion Detection Using Bayesian Networks","authors":"W. Tylman","doi":"10.1109/DepCoS-RELCOMEX.2008.52","DOIUrl":null,"url":null,"abstract":"This paper presents an application of Bayesian networks to the process of intrusion detection in computer networks. The presented system, called Basset (Bayesian system for intrusion detection), extends the functionality of Snort, an open-source NIDS, by incorporating Bayesian networks as additional processing stages. The flexible nature of this solution allows it to be used for both misuse-based and anomaly-based detection; this paper concentrates on anomaly-based detection. The ultimate goal is to create a hybrid misuse- and anomaly-based solution that will allow interaction between these two techniques of intrusion detection. The ability to alter its behaviour based on historical data is also an important feature of the described system.","PeriodicalId":167937,"journal":{"name":"2008 Third International Conference on Dependability of Computer Systems DepCoS-RELCOMEX","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-06-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"21","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 Third International Conference on Dependability of Computer Systems DepCoS-RELCOMEX","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/DepCoS-RELCOMEX.2008.52","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Anomaly-Based Intrusion Detection Using Bayesian Networks
This paper presents an application of Bayesian networks to the process of intrusion detection in computer networks. The presented system, called Basset (Bayesian system for intrusion detection), extends the functionality of Snort, an open-source NIDS, by incorporating Bayesian networks as additional processing stages. The flexible nature of this solution allows it to be used for both misuse-based and anomaly-based detection; this paper concentrates on anomaly-based detection. The ultimate goal is to create a hybrid misuse- and anomaly-based solution that will allow interaction between these two techniques of intrusion detection. The ability to alter its behaviour based on historical data is also an important feature of the described system.