COMPARATIVE STUDY BETWEEN BAYESIAN NETWORK AND POSSIBILISTIC NETWORK IN INTRUSION DETECTION
Montaceur Zaghdoud, Mohamed Ben Ahmed
2006
Abstract
Intrusion detection parameters are numerous, and in many cases they exhibit uncertain and imprecise causal relationships that can affect attack types. A Bayesian Network (BN) is a causal graphical model that can learn from data and can then be used to draw conclusions about a fact based on its causal relations with other prior facts. Causal relationships in a BN are modeled by conditional probabilities. Recently, the Possibilistic Network (PN) has emerged as a complementary, or sometimes competing, model to the BN and has demonstrated superiority in processing imprecise and/or incomplete data. A PN is based on the same principle as a BN, but it uses conditional possibilities rather than conditional probabilities to model causal relationships. Several researchers have compared BN and PN in many domains; in this paper we are interested in comparing BN and PN in intrusion detection. The comparison criteria are detection rate and false alarm rate. The experiments used the DARPA’99 data set. The comparison results show a global superiority of PN over BN in detecting intrusions. The main outcome of this research work is to develop an Intrusion Detection System (IDS) based on BN and/or PN, depending on the comparison results.
Paper Citation
in Harvard Style
Zaghdoud M. and Ben Ahmed M. (2006). COMPARATIVE STUDY BETWEEN BAYESIAN NETWORK AND POSSIBILISTIC NETWORK IN INTRUSION DETECTION. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006) ISBN 978-972-8865-63-4, pages 24-31. DOI: 10.5220/0002101200240031
in Bibtex Style
@conference{secrypt06,
author={Montaceur Zaghdoud and Mohamed Ben Ahmed},
title={COMPARATIVE STUDY BETWEEN BAYESIAN NETWORK AND POSSIBILISTIC NETWORK IN INTRUSION DETECTION},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)},
year={2006},
pages={24-31},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002101200240031},
isbn={978-972-8865-63-4},
}
in EndNote Style
TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)
TI - COMPARATIVE STUDY BETWEEN BAYESIAN NETWORK AND POSSIBILISTIC NETWORK IN INTRUSION DETECTION
SN - 978-972-8865-63-4
AU - Zaghdoud M.
AU - Ben Ahmed M.
PY - 2006
SP - 24
EP - 31
DO - 10.5220/0002101200240031