On the Use of Naive Bayesian Classifiers for Detecting Elementary and Coordinated Attacks

  • Authors:
  • Tayeb Kenaza;Karim Tabia;Salem Benferhat

  • Affiliations:
  • (Also works: Lab. de Recherche en Intell. Artificielle Ecole Militaire Polytechnique, BP 17 Bordj-Elbahri 16111, Algiers) Centre de Recherche en Informatique de Lens (CNRS-UMR 8188), Universit ...;(Also works: Lab. d'Informatique de Nantes Atlantique (UMR 6241), Polytech'Nantes - rue Christian Pauc BP 50609 44306 Nantes Cedex 3, France) Centre de Recherche en Informatique de Lens (CNRS-UMR ...;(Correspd.) Centre de Recherche en Informatique de Lens (CNRS-UMR 8188), Université d'Artois, rue Jean Souvraz, SP 18 F-62307, Lens Cedex, France. {kenaza,benferhat}@cril.univ-artois.fr/ kari ...

  • Venue:
  • Fundamenta Informaticae
  • Year:
  • 2010

Abstract

Bayesian networks are very powerful tools for knowledge representation and reasoning under uncertainty. This paper shows the applicability of naive Bayesian classifiers to two major problems in intrusion detection: the detection of elementary attacks and the detection of coordinated ones. We propose two models, starting by stating the problems and defining the variables necessary for model building using naive Bayesian networks. In addition to the fact that the construction of such models is simple and efficient, the performance of naive Bayesian networks on representative data is competitive with the most efficient state-of-the-art classification tools. We show how the decision rules used in naive Bayesian classifiers can be improved to detect new attacks and new anomalous activities. We experimentally show the effectiveness of these improvements on recent Web-based traffic. Finally, we propose a naive Bayesian network-based approach especially designed to detect coordinated attacks and provide experimental results showing the effectiveness of this approach.