NOVEL AND ANOMALOUS BEHAVIOR DETECTION USING BAYESIAN NETWORK CLASSIFIERS

Salem Salem, Karim Tabia

2008

Abstract

Bayesian networks have been widely used in intrusion detection. However, most works showed that they are ineffective for anomaly detection, since novel attacks and new behaviors are not efficiently detected. In this paper, we first analyze this problem, which is due to inadequate treatment of novel and unusual behaviors and to insufficient decision rules that do not meet the requirements of the anomaly approach. We accordingly propose to enhance the standard Bayesian classification rule in order to fit anomaly detection objectives and effectively detect novel attacks. We carried out experimental studies on recent and real http traffic and showed that Bayesian classifiers using enhanced decision rules allow detecting most novel attacks without triggering significantly higher false alarm rates.


Paper Citation


in Harvard Style

Salem S. and Tabia K. (2008). NOVEL AND ANOMALOUS BEHAVIOR DETECTION USING BAYESIAN NETWORK CLASSIFIERS. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008) ISBN 978-989-8111-59-3, pages 13-20. DOI: 10.5220/0001923300130020

in Bibtex Style

@conference{secrypt08,
author={Salem Salem and Karim Tabia},
title={NOVEL AND ANOMALOUS BEHAVIOR DETECTION USING BAYESIAN NETWORK CLASSIFIERS},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008)},
year={2008},
pages={13-20},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001923300130020},
isbn={978-989-8111-59-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2008)
TI - NOVEL AND ANOMALOUS BEHAVIOR DETECTION USING BAYESIAN NETWORK CLASSIFIERS
SN - 978-989-8111-59-3
AU - Salem S.
AU - Tabia K.
PY - 2008
SP - 13
EP - 20
DO - 10.5220/0001923300130020