A SOM and Bayesian network architecture for alert filtering in network intrusion detection systems

Proceedings - 2006 International Conference on Information and Communication Technologies: From Theory to Applications, ICTTA 2006

Volumn 2, Issue , 2006, Pages 3175-3180

  Faour, Ahmad ^a   Leray, Philippe ^a   Eter, Bassam ^b  

^a and Institut national de la santé et de la recherche médicale   (France)

^b Univ Libantaise   (Lebanon)

Author keywords

Bayesian networks and alarms filterirng; Clusterirng; Intrusion detection; Network security

Indexed keywords

ALARM SYSTEMS; BAYESIAN NETWORKS; INTRUSION DETECTION; MERCURY (METAL); NETWORK ARCHITECTURE;

ALERT FILTERING; CLASSICAL METHODS; CLUSTERIRNG; HUMAN OPERATOR; LARGE VOLUMES; NEW APPROACHES; PROBABILISTIC GRAPHICAL MODELS; SECURITY COUNTERMEASURES;

NETWORK SECURITY;

EID: 84891967788     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICTTA.2006.1684924     Document Type: Conference Paper

References (31)

1. J. Allen, A. Christie, W. Fithen, J. McHugh, J. Pickel, and E. Stoner. State of the practice of Intrusion Detection Technologies. Technical Report, Carnegie Mellon University. 2000.
2. M. Almegren, H. Debar and M. Dacier. A lightweight tool for detecting web server attacks. Network and Distributed System Security Symposium (NDSS 2000), p 157-170, 2000.
3. R. Bace. Intrusion Detection. Macmiillan Technical Publishirng. 2000.
4. N. Ben Amor, S. Benferhat, and Z. Elouedi. Naive Bayesian Networks irn Intrusion Detection Systems. Workshop on Probabilistic Graphical Models for Classification, 14th European Conference on Machirne Learning, 7th European Conference on prirnciples and Practice of Knowledge Discovery in Databases (ECML/PKDD'2003), Dubrovnik, Croatie, 11-23 Septembre, 2003.
5. N. Ben Amor, S. Benferhat, Z. Elouedi and K. Mellouli. Decisioin Trees and Qualitative Possibilistic Inference: Application to the Intrusion Detection Problem. European Conference of Symbolic and Quanrtitative Approaches to Reasoning and Uncertairnty (ECSQARU'2003), Alborg, Danemark, pp. 419-431, Juillet, 2003.
6. N. Ben Amor, S. Benferhat, Z. Elouedi and F. Cuppens. Decisioin Trees and Qualitative Inference for Intrusion Detection Systems. International Fuzzy Systems Association conference (IFSA2A003), Turquie, Juillet, 2003.
7. D. J. Burroughs, L. F. Wilson and G. V. Cybenko. Analysis of Distributed Intrusion Detection Systems Usirng Bayesian Methods. Proceedings of IEEE International Performance Computirng and Communiication Conference, April, 2002.
8. S. Cho. Incorporatirng Soft Computirng Techniques into a Probabilistic Intrusion Detection System. IEEE Transactions on Systems, Man, and Cybernetics, 32 (2), pp. 154-160, May, 2002.
9. C. K. Chow and C.N. Liu. Approximating discrete probability distributions with dependence trees. IEEE Transactions on Information Theory, 3(14), pp. 462-467, 1968.
10. F. Cuppens. Managing alerts irn a multuntrusion detection environment. In 17th Annual Computer Security Applications Conference (ACSAC), p 22-31, 2001.
11. O. Dain and R. K. Cuningham. Fusirng hetergenous alert streams irnto scenarios. In Proceedirngs of the Eighth (ACM) Conference on Computer and Communiications Security, pp. 1-13, 2001.
12. H. Debar, M. Dacier, and A. Wespi. A Revised Taxonomy for Intrusion Detection Systems. Annales des Telecommuniications. 55(7-8), p 361- 378, 2000.
13. H. Debar and A. Wespi. Aggregation and correlation of intrusion alerts. In 4th Workshop on Recent Advances irn Intrusion Detection (RAID 2001), LNCS. Springer Verlag, Berlin, p 85-103, 2001.
14. A. Faour, P. Leray and C. Foll. Reseaux bayesieins pour le filtrage dalarmes dans les systemes de de'tection dintrusion. In Atelier Modeles Graphiques Probabilistes, 5emes journe'es d'Extraction et de Gestion des Connaissances (EGC 2005), pages 25-33, Paris, France, 2005.
15. N. Freidman, D. Geiger and M. Goldszmidt. Bayesian network classifiers. Machirne Learning, (29), pp. 131-163, 1997.
16. F. V. Jensen. An introduction to Bayesian Networks. Taylor and Francis, London, United Kingtom, 1996.
17. K. Julish and M. Dacier. Mining Intrusion Detection alarms for actionable knowledge. In the 8th ACM International Conference on Knowledge Discovery and Data Mining, p 366-375, 2002.
18. T. Kohonen. Self-Organrizirng Maps. Series irn Information Sciences. Third Extended Edition, Berlin. Sprirnger, 2001.
19. C. Kruegel, D. Mutz, W. Robertson and F. Valeur. Bayesian Event Classification for Intrusion Detection. In the Proceedings of the 19th Annual Computer Security Applications Conference (ACSAC03), IEEE Computer Society, p14, Washington, DC, USA, December, 2003.
20. P. Leray and O. Francois. Reseaux Bayesieins pour la classification - Methodologie et Illustration dans le cadre du Diagnostic Medical. Revue d'Intelligence Artificielle, 18(29), pp. 169-193, 2004.
21. S. Manganaris, M. Christenen, D. Zerkleand and K. Hermiz. A Data Mining analysis of RTID alarms. Computer Networks, 34(4), p 571-577, 2000.
22. J. Pearl. Probabilistic Reasoniing irn Intelligent Systems: Networks of Plausible Inference, Morgan Kaufmann, 1988.
23. R. S. Puttini, Z. Marrakchi and L. Me. A Bayesian Classification Model for Real- Time Intrusion Detection. AIP International Conference, 659 (1), pp. 150-162, March, 2003.
24. M. Roesch. Snort - lightweight intrusion detection for networks. Proceedirngs of Thirteenth Systems Admiriistration Conference (LISA '99), pp. 229-238, 1999.
25. S. L. Scott. A Bayesian paradigm for designing Intrusion Detection System. Computational Statistics and Data Analysis (special issue on network irntrusion detection), 45, pp. 69-83, 2004.
26. A. A. Sebyala, T. Olukemi, and L. Sacks. Active Platform Security through Intrusion Detection Usirng Nave Bayesian Network for Anomaly Detection. In the proceedings of London Communications Symposium, 2002.
27. R. Sekar, Y. Guang, S. Verma and T. Shanbhag. A high performance network intrusion detection system. 6th ACM Conference on Computer and Communiications Security, p 8-17, 1999.
28. A. Seleznyov. Temporal-Probabilistic Network Approach for Anomaly Intrusion. 12th Annual Computer Security Inrcident Handlirng Conference, Chicago, 2000.
29. S. Staniford, J.A. Hoagland and J.M. McAlernay. Practical automated detection of stealthy portscans. In the ACM Computer and Communications Security IDS Workshop, pp. 1-7, 2000.
30. A. Valdes and K. Skinner. Probabilistic alert correlation. In the 4th Workshop on Recent Advances in Intrusion Detection (RAID), LNCS. Springer Verlag, Berlin, pp. 54-86, 2001.
31. D. Zamboni. Using internal sensors for computer intrusion detection. PhD Thesis, Purdue University, 2001.