
Bayesian network-based approaches for severe attack prediction and handling IDSs’ reliability. (English) Zbl 1202.68083
H├╝llermeier, Eyke (ed.) et al., Information processing and management of uncertainty in knowledge-based systems. Applications. 13th international conference, IPMU 2010, Dortmund, Germany, June 28–July 2, 2010. Proceedings. Part II. Berlin: Springer (ISBN 978-3-642-14057-0/pbk; 978-3-642-14058-7/ebook). Communications in Computer and Information Science 81, 632-642 (2010).
Summary: Probabilistic graphical models are very powerful modeling and reasoning tools. In this paper, we propose efficient Bayesian network-based approaches for two major problems in alert correlation, which plays an important role in today's computer security infrastructures. While the use of multiple intrusion detection systems (IDSs) and complementary approaches is highly recommended to improve the overall detection rates, this inevitably raises huge amounts of alerts, most of which are redundant and false alarms. The aim of this work is twofold: Firstly, we propose an approach based on Bayesian multi-nets, which allow one to take advantage of local influence relationships in order to improve the prediction of severe attacks. Secondly, we propose to handle the reliability of IDSs by considering the uncertainty relative to the triggered alerts. Experimental studies carried out on real and recent IDMEF alerts produced by the de facto network-based IDS Snort show significant improvements with respect to standard Bayesian approaches. More particularly, the handling of IDSs' reliability significantly reduces the false alarm rate, which represents a crucial issue for intrusion detection development.
For the entire collection see [Zbl 1200.68011].
68M99 Computer system organization