Bayesian event classification for intrusion detection

Kruegel, Christopher; Mutz, D.; Robertson, William; Valeur, Fredrik

doi:10.1109/csac.2003.1254306

Cited by 233 publications

(136 citation statements)

References 10 publications

Supporting

Mentioning

134

Contrasting

Unclassified

Order By: Relevance

“…The authors make strict independence assumption between the features in an observation resulting in lower attack detection accuracy when the features are correlated, which is often the case for intrusion detection. Bayesian network [13] has also been used for intrusion detection. This method tends to be attack specific and build a decision network based on special characteristics of individual attacks.…”

Section: Related Workmentioning

confidence: 99%

A novel statistical technique for intrusion detection systems

Kabir

Wang

et al. 2018

Future Generation Computer Systems

171

View full text Add to dashboard Cite

This paper proposes a novel approach for intrusion detection system based on sampling with Least Square Support Vector Machine (LS-SVM). Decision making is performed in two stages. In the first stage, the whole dataset is divided into some predetermined arbitrary subgroups. The proposed algorithm selects representative samples from these subgroups such that the samples reflect the entire dataset. An optimum allocation scheme is developed based on the variability of the observations within the subgroups. In the second stage, least square support vector machine (LS-SVM) is applied to the extracted samples to detect intrusions. We call the proposed algorithm as optimum allocation-based least square support vector machine (OA-LS-SVM) for IDS. To demonstrate the effectiveness of the proposed method, the experiments are carried out on KDD 99 database which is considered a de facto benchmark for evaluating the performance of intrusions detection algorithm. All binary-classes and multiclass are tested and our proposed approach obtains a realistic performance in terms of accuracy and efficiency. Finally a way out is also shown the usability of the proposed algorithm for incremental datasets.

show abstract

Section: Related Workmentioning

confidence: 99%

A novel statistical technique for intrusion detection systems

Kabir

Wang

et al. 2018

Future Generation Computer Systems

171

View full text Add to dashboard Cite

show abstract

“…Kruegel et al [5]introduce the concept of Baysian Network statistical formulization to attempt to detect anomalies.…”

Section: Network Intrusion Detection and Preventionmentioning

confidence: 99%

Network Attack Analysis and the Behaviour Engine

Benham

Read

Sutherland

2013

Int. J. Com. Net. Tech.

View full text Add to dashboard Cite

Behaviour Engines allow the acquisition of tacit knowledge by using a learn-by-doing workflow and provide a direct interface between the expert user and the developing project code based on an intuitive justification-conclusion language; thus surpassing legacy policy engines by being a self developing and learning mechanism. This paper seeks to formulate the current state of the art in technology and processes and attempts to merge the application of ontological decision techniques of behaviour engines with network packet capture data, to detect data exfiltration attempts over covert channelling. The final goal of the research will be to develop a behaviour engine/intrusion detection solution for pre-emptive counter-measures to anomalous behaviour from within or without a network.speed.

show abstract

“…The most basic of these factors are the false alarm rate and the detection rate, and their tradeoff can be intuitively analyzed with the help of the receiver operating characteristic (ROC) curve [16,17,35,7,14]. However, as pointed out in [3,9,10], the information provided by the detection rate and the false alarm rate alone might not be enough to provide a good evaluation of the performance of an IDS.…”

Section: Introductionmentioning

confidence: 99%