
Next-Generation Misuse and Anomaly Prevention System

  • Conference paper
Enterprise Information Systems (ICEIS 2008)

Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 19)

Abstract

Network Intrusion Detection Systems (NIDS) aim at preventing network attacks and unauthorised remote use of computers. More precisely, depending on the kind of attack it targets, an NIDS can be oriented to detect misuses (by defining all possible attacks) or anomalies (by modelling legitimate behaviour and flagging behaviour that does not fit that model). Still, since its problem knowledge is restricted to known attacks, misuse detection fails to notice anomalies, and vice versa. Against this, we present here ESIDE-Depian, the first unified misuse and anomaly prevention system based on Bayesian Networks that analyses network packets completely, together with the strategy used to build a consistent knowledge model that integrates misuse-based and anomaly-based knowledge. The training process of the Bayesian network may become intractable very quickly in some extreme situations; we also present a method to cope with this problem. Finally, we evaluate ESIDE-Depian against well-known and new attacks, showing how it outperforms a well-established industrial NIDS.



Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

Cite this paper

Bringas, P.G., Penya, Y.K. (2009). Next-Generation Misuse and Anomaly Prevention System. In: Filipe, J., Cordeiro, J. (eds) Enterprise Information Systems. ICEIS 2008. Lecture Notes in Business Information Processing, vol 19. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00670-8_9


  • DOI: https://doi.org/10.1007/978-3-642-00670-8_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-00669-2

  • Online ISBN: 978-3-642-00670-8

  • eBook Packages: Computer Science (R0)