Intrusion detection using probabilistic graphical models

Authors

  • Liyuan Xiao
  • Ying Cai
  • Hailiang Liu
Abstract

Defending against today's extraordinarily intelligent attacks requires effective and efficient intrusion detection models that detect and prevent intrusions promptly. Bayesian network (BN) classifiers, with their powerful reasoning capabilities, have been increasingly used to detect intrusion attacks with reasonable accuracy and efficiency. However, existing approaches using BN classifiers for intrusion detection face two problems. First, the structures of Bayesian network classifiers are either manually built with the help of domain knowledge or trained from data using heuristic methods that usually select suboptimal models. Second, the classifiers are trained using very large datasets, which may be time-consuming to obtain in practice. When the training dataset is small, the performance of a single Bayesian network classifier is significantly reduced due to its inability to represent the whole probability distribution. To alleviate these problems, we build a Bayesian classifier by Bayesian Model Averaging (BMA) over the k-best Bayesian network classifiers, called the Bayesian Network Model Averaging (BNMA) classifier. We train and evaluate the classifier on the NSL-KDD dataset, which is less redundant, thus more judicial than the commonly used KDD Cup 99 dataset. We show that the BNMA classifier performs significantly better in terms of detection accuracy and Area Under ROC (AUC) than the Naive Bayes classifier and the Bayesian network classifier built with a heuristic method. We also show that the BNMA classifier trained using a small dataset even outperforms the two other classifiers trained using a very large dataset; thus BNMA is particularly effective when large training datasets are unavailable. This also implies that the BNMA is beneficial in accelerating the


Similar resources

When Gossip is Good: Distributed Probabilistic Inference for Detection of Slow Network Intrusions

Intrusion attempts due to self-propagating code are becoming an increasingly urgent problem, in part due to the homogeneous makeup of the internet. Recent advances in anomaly-based intrusion detection systems (IDSs) have made use of the quickly spreading nature of these attacks to identify them with high sensitivity and at low false positive (FP) rates. However, slowly propagating attacks are mu...


Rule-based joint fuzzy and probabilistic networks

One of the important challenges in Graphical models is the problem of dealing with the uncertainties in the problem. Among graphical networks, fuzzy cognitive map is only capable of modeling fuzzy uncertainty and the Bayesian network is only capable of modeling probabilistic uncertainty. In many real issues, we are faced with both fuzzy and probabilistic uncertainties. In these cases, the propo...


Probabilistic techniques for intrusion detection based on computer audit data

This paper presents a series of studies on probabilistic properties of activity data in an information system for detecting intrusions into the information system. Various probabilistic techniques of intrusion detection, including decision tree, Hotelling’s T test, chi-square multivariate test, and Markov chain are applied to the same training set and the same testing set of computer audit data...


Improvement and parallelization of Snort network intrusion detection mechanism using graphics processing unit

Nowadays, Network Intrusion Detection Systems (NIDS) are widely used to provide full security on computer networks. IDS are categorized into two primary types, including signature-based systems and anomaly-based systems. The former is more commonly used than the latter due to its lower error rate. The core of a signature-based IDS is the pattern matching. This process is inherently a computatio...


On the Role of Information Compaction to Intrusion Detection

An intrusion detection system (IDS) usually has to analyse Giga-bytes of audit information. In the case of anomaly IDS, the information is used to build a user profile characterising normal behaviour. Whereas for misuse IDSs, it is used to test against known attacks. Probabilistic methods, e.g. hidden Markov models, have proved to be suitable to profile formation but are prohibitively expensive...



Publication date: 2017