IEEE Transactions on Systems, Man and Cybernetics - Special issue on artificial intelligence
Probabilistic reasoning in intelligent systems: networks of plausible inference
Probabilistic reasoning in intelligent systems: networks of plausible inference
Finding MAPs for belief networks is NP-hard
Artificial Intelligence
Local conditioning in Bayesian networks
Artificial Intelligence
Artificial Intelligence - special issue on computational tradeoffs under bounded resources
Attack Plan Recognition and Prediction Using Causal Networks
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Complexity results and approximation strategies for MAP explanations
Journal of Artificial Intelligence Research
| Hi-index | 0.01 |
Intrusion plan prediction and recognition is a critical and challenging task for NIDS. Among several approaches proposed so far, probability inference using causal network seems to be one of the most promising mechanisms. Our analysis shows that the polytree is limited in its expressiveness, and belief updating in max-k-connected networks is hard for all k驴2 [12]. To find a tradeoff between expressive power and inference efficiency, this paper extends the structure of causal network from polytree to max-1-connected Bayesian network, and proposes a new intrusion plan prediction algorithm IPR on it. We evaluate the approach using LLOS1.0, and the results demonstrate that IPR can predict the occurrence probability of DDOS when Sandmind attack occurs to gain root privilege, and then confirm the prediction in the beginning of Syn flooding.