Abstract
The seriousness and sophistication of recent cyber-attacks have risen dramatically over the past decade. This poses great challenges for network protection and automatic security management. Quick and exact localization of an intruder by an efficient intrusion detection system (IDS) would be of great help to network managers. In this paper, Bayesian networks (BNs) are proposed to model distributed intrusion detection based on the characteristics of intruders' behaviors. An inference strategy based on BNs is developed, which can be used to track the strongest causes (attack source) and trace the strongest dependency routes among the behavior sequences of intruders. The proposed algorithm can serve as the foundation for further intelligent decision-making in distributed intrusion detection.
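To make the idea of backward inference concrete, here is an added illustration that is not the paper's algorithm or code: exact inference by enumeration on a small Bayesian network, ranking candidate sources by posterior probability given an alert and walking back along the most probable parent at each step. The node names, the structure, all probabilities and the greedy route rule are constructed assumptions.

```python
from itertools import product

# Constructed toy network (assumption, not from the paper): two candidate
# sources, two intermediate behaviors, one observed alert. All nodes binary.
PARENTS = {
    "src_A": (), "src_B": (),
    "scan": ("src_A", "src_B"),
    "login_fail": ("src_B",),
    "priv_esc": ("scan", "login_fail"),
}
# P(node=1 | parent values); every number here is made up for illustration.
CPT = {
    "src_A": {(): 0.05},
    "src_B": {(): 0.02},
    "scan": {(0, 0): 0.01, (0, 1): 0.30, (1, 0): 0.80, (1, 1): 0.90},
    "login_fail": {(0,): 0.05, (1,): 0.70},
    "priv_esc": {(0, 0): 0.001, (0, 1): 0.10, (1, 0): 0.20, (1, 1): 0.60},
}
NODES = list(PARENTS)

def joint(assign):
    """Joint probability of one full assignment via the chain rule."""
    p = 1.0
    for n in NODES:
        p1 = CPT[n][tuple(assign[q] for q in PARENTS[n])]
        p *= p1 if assign[n] else 1.0 - p1
    return p

def posteriors(evidence):
    """P(node=1 | evidence) for every node, by exact enumeration."""
    total, mass = 0.0, dict.fromkeys(NODES, 0.0)
    for values in product((0, 1), repeat=len(NODES)):
        assign = dict(zip(NODES, values))
        if any(assign[k] != v for k, v in evidence.items()):
            continue
        p = joint(assign)
        total += p
        for n in NODES:
            mass[n] += p * assign[n]
    return {n: mass[n] / total for n in NODES}

def strongest_source(post):
    """Root node (candidate attack source) with the highest posterior."""
    return max((n for n in NODES if not PARENTS[n]), key=post.get)

def strongest_route(alert, post):
    """Greedy walk from the alert to a root via the most probable parent."""
    route = [alert]
    while PARENTS[route[-1]]:
        route.append(max(PARENTS[route[-1]], key=post.get))
    return route
```

With only `priv_esc` observed, the walk ends at `src_A`; adding the observation `login_fail = 1` shifts both the strongest source and the route to `src_B`, which shows how correlating evidence from several sensors changes attribution.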
© 2004 Springer-Verlag Berlin Heidelberg
Cite this paper
Ding, J., Xu, S., Krämer, B., Bai, Y., Chen, H., Zhang, J. (2004). Probabilistic Inference Strategy in Distributed Intrusion Detection Systems. In: Cao, J., Yang, L.T., Guo, M., Lau, F. (eds) Parallel and Distributed Processing and Applications. ISPA 2004. Lecture Notes in Computer Science, vol 3358. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30566-8_97
DOI: https://doi.org/10.1007/978-3-540-30566-8_97
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24128-7
Online ISBN: 978-3-540-30566-8
eBook Packages: Computer Science (R0)