A Distributed Intrusion Detection System Based on Bayesian Alarm Networks

  • Conference paper
Secure Networking — CQRE [Secure] ’99 (CQRE 1999)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 1740)

Abstract

Intrusion detection in a large network must rely on the use of many distributed agents instead of one large monolithic module. Agents should have some kind of artificial intelligence in order to cope successfully with different intrusion problems. In this paper, we suggest a Bayesian alarm network to work as an independent Network Intrusion Detection Agent. We have shown that, when narrowed to detecting one specific type of attack in a large network, for example a denial of service, virus, worm or privacy attack, we can induce much more prior knowledge about the attack into the system. Different nodes of the network can develop their own model of the Bayesian alarm network, and agents can communicate among themselves and with a common security database. Networks should be organized hierarchically, so that at the higher level of the hierarchy a Bayesian alarm network, thanks to its interconnections with lower-level networks and data, acts as a distributed Intrusion Detection System.

Copyright information

© 1999 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bulatovic, D., Velasevic, D. (1999). A Distributed Intrusion Detection System Based on Bayesian Alarm Networks. In: Secure Networking — CQRE [Secure] ’99. CQRE 1999. Lecture Notes in Computer Science, vol 1740. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-46701-7_19

  • DOI: https://doi.org/10.1007/3-540-46701-7_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-66800-8

  • Online ISBN: 978-3-540-46701-4

  • eBook Packages: Springer Book Archive
