Title: Misuse-based intrusion detection using Bayesian networks

Authors: Wojciech Tylman

Addresses: Institute of Computer Engineering, Control and Robotics, Faculty of Electronics, Wroclaw University of Technology, Wybrzeze Wyspianskiego 27, 50-370, Wroclaw, Poland

Abstract: This paper presents an application of Bayesian networks to the process of intrusion detection in computer networks. The presented system, called Bayesian system for intrusion detection (Basset), extends the functionality of Snort, an open-source network intrusion detection system (NIDS), by incorporating Bayesian networks as additional processing stages. The flexible nature of this solution allows it to be used for both misuse-based and anomaly-based detection; this paper concentrates on misuse-based detection. The ultimate goal is to provide better detection capabilities and a lower chance of false alerts by creating a platform capable of evaluating Snort alerts in a broader context: other alerts and network traffic in general. The ability to include on-demand information from third-party programmes is also an important feature of the presented approach to intrusion detection.

Keywords: intrusion detection; network security; misuse detection; Bayesian networks; Snort; computer networks; anomaly detection.

DOI: 10.1504/IJCCBS.2010.031713

International Journal of Critical Computer-Based Systems, 2010 Vol.1 No.1/2/3, pp.178 - 190

Published online: 21 Feb 2010
