Bayesian event classification for intrusion detection

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn 2003-January, Issue , 2003, Pages 14-23

  Kruegel, Christopher ^a   Mutz, Darren ^a   Robertson, William ^a   Valeur, Fredrik ^a  

^a UNIVERSITY OF CALIFORNIA   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

BAYESIAN NETWORKS; COMPUTER CRIME; ERRORS; MERCURY (METAL); NETWORK SECURITY; SECURITY OF DATA; SECURITY SYSTEMS;

ANOMALY BASED INTRUSION DETECTION SYSTEMS; DECISION PROCESS; EVENT CLASSIFICATION; EXTERNAL SOURCES; INTRUSION DETECTION SYSTEMS; NUMBER OF FALSE ALARMS; ROBUST MODELS; UNKNOWN ATTACKS;

INTRUSION DETECTION;

EID: 84944737204     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSAC.2003.1254306     Document Type: Conference Paper

References (26)

1. S. Axelsson. The Base-Rate Fallacy and its Implications for the Difficulty of Intrusion Detection. In 6th ACM Conference on Computer and Communications Security, 1999.
2. P. Billingsley. Probability and Measure. Wiley-Interscience, 3 edition, April 1995.
3. Basic Security Module Guide - Sun SHIELD BSM. http://docs.sun.com/db/doc/802-5757.
4. D. Denning. An Intrusion Detection Model. IEEE Transactions on Software Engineering, 13(2):222-232, Feb. 1987.
5. S. Forrest. A Sense of Self for UNIX Processes. In Proceedings of the IEEE Symposium on Security and Privacy, pages 120-128, Oakland, CA, May 1996.
6. R. Goldman. A Stochastic Model for Intrusions. In Symposium on Recent Advances in Intrusion Detection (RAID), 2002.
7. K. Ilgun. USTAT: A Real-time Intrusion Detection System for UNIX. In Proceedings of the IEEE Symposium on Research on Security and Privacy, Oakland, CA, May 1993.
8. H. S. Javitz and A. Valdes. The SRI IDES Statistical Anomaly Detector. In Proceedings of the IEEE Symposium on Security and Privacy, May 1991.
9. F. Jensen. Bayesian Networks and Decision Graphs. Springer, New York, USA, 2001.
10. C. Kruegel, T. Toth, and E. Kirda. Service Specific Anomaly Detection for Network Intrusion Detection. In Symposium on Applied Computing (SAC). ACM Scientific Press, March 2002.
11. M. Lincoln Labs. DARPA Intrusion Detection Evaluation. http://www.ll.mit.edu/IST/ideval, 1999.
12. J. McHugh. Testing Intrusion Detection Systems: A Critique of the 1998 and 1999 DARPA Intrusion Detection System Evalautions as Performed by Lincoln Laboratory. ACM Transaction on Information and System Security, 3(4), November 2000.
13. J. Pearl. Probabilistic Reasoning in Intelligent Systems: Networks of Plausible Inference. Morgan Kaufmann, 1997.
14. P. Porras and P. Neumann. EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances. In Proceedings of the 1997 National Information Systems Security Conference, October 1997.
15. P. A. Porras and A. Valdes. Live traffic analysis of TCP/IP gateways. In Proceedings of the 1998 ISOC Symposium on Network and Distributed System Security (NDSS'98), San Diego, CA, 1998.
16. R. Puttini, Z. Marrakchi, and L. Me. Bayesian Classification Model for Real-Time Intrusion Detection. In 22th International Workshop on Bayesian Inference and Maximum Entropy Methods in Science and Engineering, 2002.
17. Real Secure. http://www.iss.net/products-services/enterprise-protection.
18. M. Roesch. Snort - Lightweight Intrusion Detection for Networks. In USENIX Lisa 99, 1999.
19. A. A. Sebyala, T. Olukemi, and L. Sacks. Active Platform Security through Intrusion Detection Using Naive Bayesian Network for Anomaly Detection. In London Communications Symposium, 2002.
20. Smile: Structural Modeling, Inference, and Learning Engine. http://www.sis.pitt.edu/~genie/.
21. SNARE - System iNtrusion Analysis and Reporting Environment. http://www.intersectalliance.com/projects/Snare.
22. A. Stolcke and S. Omohundro. Inducing probabilistic grammars by bayesian model merging. In International Conference on Grammatical Inference, 1994.
23. Swatch: Simple Watchdog. http://swatch. sourceforge.net.
24. A. Valdes and K. Skinner. Adaptive, Model-based Monitoring for Cyber Attack Detection. In Proceedings of RAID 2000, Tolouse, France, October 2000.
25. G. Vigna and R. A. Kemmerer. Net STAT: A Network-based Intrusion Detection System. Journal of Computer Security, 7(1):37-71, 1999.
26. C. Warrender, S. Forrest, and B. Pearlmutter. Detecting intrusions using system calls: Alternative data models. In IEEE Symposium on Security and Privacy, pages 133-145, 1999.