COMPARATIVE STUDY BETWEEN BAYESIAN NETWORK AND POSSIBILISTIC NETWORK IN INTRUSION DETECTION

Montaceur Zaghdoud, Mohamed Ben Ahmed

2006

Abstract

Intrusion detection parameters are numerous, and in many cases they exhibit uncertain and imprecise causal relationships that can affect attack types. A Bayesian Network (BN) is a causal graphical model that can learn from data and then be used to draw conclusions about a fact based on its causal relations with other prior facts. Causal relationships in a BN are modeled by conditional probabilities. Recently, the Possibilistic Network (PN) has emerged as a complementary, or sometimes competing, model to the BN and has demonstrated superiority in handling imprecise and/or incomplete data. A PN is based on the same principle as a BN, but it uses conditional possibilities rather than conditional probabilities to model causal relationships. Several researchers have compared BN and PN in many domains. In this paper, we are interested in comparing BN and PN in intrusion detection. The comparison criteria covered detection rate and false alarm rate. The experiments used the DARPA’99 data set. The comparison results show an overall superiority of PN over BN in detecting intrusions. The main outcome of this research work is to develop an Intrusion Detection System (IDS) based on BN and/or PN, depending on the comparison results.


Paper Citation


in Harvard Style

Zaghdoud M. and Ben Ahmed M. (2006). COMPARATIVE STUDY BETWEEN BAYESIAN NETWORK AND POSSIBILISTIC NETWORK IN INTRUSION DETECTION. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006) ISBN 978-972-8865-63-4, pages 24-31. DOI: 10.5220/0002101200240031

in Bibtex Style

@conference{secrypt06,
author={Montaceur Zaghdoud and Mohamed Ben Ahmed},
title={COMPARATIVE STUDY BETWEEN BAYESIAN NETWORK AND POSSIBILISTIC NETWORK IN INTRUSION DETECTION},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)},
year={2006},
pages={24-31},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002101200240031},
isbn={978-972-8865-63-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)
TI - COMPARATIVE STUDY BETWEEN BAYESIAN NETWORK AND POSSIBILISTIC NETWORK IN INTRUSION DETECTION
SN - 978-972-8865-63-4
AU - Zaghdoud M.
AU - Ben Ahmed M.
PY - 2006
SP - 24
EP - 31
DO - 10.5220/0002101200240031