Probabilistic reasoning in intelligent systems: networks of plausible inference
Probabilistic reasoning in intelligent systems: networks of plausible inference
Tractable inference for complex stochastic processes
UAI'98 Proceedings of the Fourteenth conference on Uncertainty in artificial intelligence
Probabilistic Alert Correlation
RAID '00 Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection
Learning Rules for Anomaly Detection of Hostile Network Traffic
ICDM '03 Proceedings of the Third IEEE International Conference on Data Mining
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Monitoring SIP Traffic Using Support Vector Machines
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Motif-based attack detection in network communication graphs
CMS'11 Proceedings of the 12th IFIP TC 6/TC 11 international conference on Communications and multimedia security
Model generalization and its implications on intrusion detection
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Cooperative intrusion detection for web applications
CANS'06 Proceedings of the 5th international conference on Cryptology and Network Security
Detecting stealthy backdoors with association rule mining
IFIP'12 Proceedings of the 11th international IFIP TC 6 conference on Networking - Volume Part II
Multi-stage attack detection algorithm based on hidden markov model
WISM'12 Proceedings of the 2012 international conference on Web Information Systems and Mining
Alert correlation: Severe attack prediction and controlling false alarm rate tradeoffs
Intelligent Data Analysis
Hi-index | 0.00 |
Inference methods for detecting attacks on information resources typically use signature analysis or statistical anomaly detection methods. The former have the advantage of attack specificity, but may not be able to generalize. The latter detect attacks probabilistically, allowing for generalization potential. However, they lack attack models and can potentially "learn" to consider an attack normal. Herein, we present a high-performance, adaptive, model-based technique for attack detection, using Bayes net technology to analyze bursts of traffic. Attack classes are embodied as model hypotheses, which are adaptively reinforced. This approach has the attractive features of both signature based and statistical techniques: model specificity, adaptability, and generalization potential. Our initial prototype sensor examines TCP headers and communicates in IDIP, delivering a complementary inference technique to an IDS sensor suite. The inference technique is itself suitable for sensor correlation.