A Naive Bayes approach for detecting coordinated attacks

Proceedings - International Computer Software and Applications Conference

Volumn , Issue , 2008, Pages 704-709

  Benferhat, Salem ^a   Kenaza, Tayeb ^a   Mokhtari, Aicha ^b  

^a UNIVERSITÉ D'ARTOIS   (France)

^b UNIVERSITY OF SCIENCES AND TECHNOLOGY HOUARI BOUMEDIENE   (Algeria)

Author keywords

Alert correlation; Attack prediction; Intrusion detection; Naive bayes

Indexed keywords

CHLORINE COMPOUNDS; COMPUTER SOFTWARE; COMPUTERS; COORDINATION REACTIONS; CORRELATION METHODS; WORD PROCESSING;

ALERT CORRELATION; ALERT CORRELATIONS; ATTACK PREDICTION; COMPUTATIONAL ISSUES; DATA SETS; EFFICIENT ALGORITHMS; EXPERT KNOWLEDGE; HISTORICAL DATA; INTRUSION DETECTION; NAIVE BAYES; NAIVE BAYES APPROACH; SIMILARITY MEASURES;

COMPUTER APPLICATIONS;

EID: 51949090598     PISSN: 07303157     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/COMPSAC.2008.213     Document Type: Conference Paper

References (28)

1. ABOUZAKHAR N., GANI A., MANSON G., ABUITBEL M. and KING D., Bayesian Learning Networks Approach to Cybercrime Detection, proceedings of the 2003 PostGraduate Networking Conference, 2003.
2. AXELSSON S., Combining a Bayesian Classifier with Visualisation: Understanding the IDS, VizSEC/DMSEC-04, ACM, 99-108, 2004.
3. BENFERHAT S., AUTREL F. and CUPPENS F., Enhanced Correlation in an Intrusion Detection Process- Second International Workshop Mathematical Methods, Models and Architectures for Computer Networks Security, 157-170, St. Petersburg, Russia, September 20-24, 2003.
4. BEN AMOR N., BENFERHAT S. and ELOUEDI Z., Naive Bayes vs decision trees in intrusion detection systems, In Proceedings of the 2004 ACM Symposium on Applied Computing (SAC), Nicosia, Cyprus, March 14-17, 420-424, 2004.
5. CUPPENS F., Managing Alerts in a Multi-Intrusion Detection Environment, In proceedings of Recent Advances in Intrusion Detection, 22-31, Davis, CA, USA, October 10-12, 2001.
6. CUPPENS F. and MIEGE A., Alert correlation in a cooperative intrusion detection framework. In Proceedings of the IEEE Symposium of Security and Privacy, 202-215, Berkeley, California 1215 May 2002.
7. DAIN and CUNNINGHAM, Fusing a heterogeneous alert stream into scenario , In Proceedings of the 2001 ACM Workshop on Data Mining for Security Application, 1-13, November 2001.
8. DANIEL J. B., Linda F. W. and GEORGE V. C., Analysis of Distributed Intrusion Detection Systems Using Bayesian Methods, 21th IEEE International Conference on Performance, Computing, and Communications, 329-334, 2002.
9. DARPA 2000, http://www.ll.mit.edu/IST/ideval/data/data_index.html.
10. DEBAR H. and WESPI A., Aggregation and Correlation of Intrusion-Detection Alerts, In proceedings of Recent Advances in Intrusion Detection, 85-103, Davis, CA, USA, October 10-12, 2001.
11. DUDA R.O., HART P.E and STORK D.G. Pattern Classification, Hardcover, 2000.
12. FRIEDMAN N. and GOLDSZMIDT M., Building classifiers using bayesiannetworks, In Proceeding of American Association for Artificial Intelligence Conference (AAAI'96), Portland, Oregon, 1996.
13. GEIB C. and GOLDMAN R., Plan Recognition in Intrusion Detection Systems. In Proceding of DARPA Information Survivability Conference and Exposition (DISCEX), Volume 1, 46-55, June 2001.
14. GOWDIA V., PARKAS C., VELTORTA M., PAID: A Probabilistic Agent-Based Intrusion Detection system, Computers & Security, Elsiver, volume 24, 529-545, 2005.
15. HEKERMAN D., A Tutorial on Learning with Bayesian Networks. Technical Report MSR-TR-95-06, Microsoft Corporation, 1995.
16. JENSEN F.V., Introduction to Bayesian networks, UCL Press, University college, London 1996.
17. JULISCH K. Mining alarm clusters to improve alarm handling efficiency, In Proceedings of the 17th Annual Computer Security Applications Conference (ACSAC), 12-21, New Orleans, Louisiana, December 10-14, 2001.
18. LANGLEY P., IBA W. and THOMPSON K. Decision making using probabilistic inference methods, In Proceeding of the 18th National Information Security Conference, 194-204, 1995.
19. KANG D., FULLER D., HONAVAR V., Learning Classifiers for Misuse and Anomaly Detection Using a Bag of System Calls Representation, In Proceedings of the 2005 IEEE Workshop on Information Assurance and Security, United States Military Academy, West Point, NY, 118-125, 2005.
20. KOHAVI R., BEAKER B. and SOMMERFIELD D., Improving simple Bayes, In Proceedings of the European Conference on Machine Learning, Prague, Czech Republic, April 23-26, 1997.
21. KRUGEL C., MUTZ D., ROBERTSON W.K., and VALEUR F., Bayesian Event Classification for Intrusion Detection, In Proceeding of 19th Annual Computer Security Applications Conference (ACSAC 2003), Las Vegas, NV, USA, 14-23, 8-12 December 2003.
22. NING P. and CUI Y., Analyzing intensive intrusion alerts via correlation. In Processing of Recent Advances in Intrusion Detection, 74-94 Zurich, Switzerland, October 16-18, 2002.
23. PEARL J. Probabilistic reasoning in intelligent systems: network of plausible inference, Motgan Kaufmman, San Francisco (California), 1988.
24. QIN X. and LEE W., Attack Plan Recognition and Prediction Using Causal Networks, ACSAC-04, 370-379, 2004.
25. RICARDO S. P., MARRAKCHIZ. and MÈ L., A Bayesian Classification Model for Real-Time Intrusion Detection, 22nd International Workshop on Bayesian Inference and Maximum Entropy Methods in Science and Engineering. AlP Conference Proceedings, Volume 659, pp. 150-162, 2003.
26. SCOTT L. S., A Bayesian paradigm for designing intrusion detection systems, Computational Statistics & Data Analysis, Elsevier, 69-83, 2004.
27. STEVEN J. T. and KARM L., A requires/provides model for computer attacks, In Proceedings of New Security Paradigms Workshop, 31-38, Cork, Ireland, September 19th - 21st, 2000.
28. VALDES A. and SKINNER K., Probabilistic alert correlation, In Recent Advances in Intrusion Detection, 54-68, Davis, CA, USA, October 10-12, 2001.