COMPARATIVE STUDY BETWEEN BAYESIAN NETWORK AND POSSIBILISTIC NETWORK IN INTRUSION DETECTION

Montaceur Zaghdoud, Mohamed Ben Ahmed

2006

Abstract

Intrusion detection parameters are numerous, and in many cases they exhibit uncertain and imprecise causal relationships that can affect attack types. A Bayesian Network (BN) is a causal graphical model that can learn from data and then be used to draw conclusions about a fact based on its causal relations with other prior facts. Causal relationships in a BN are modeled by conditional probabilities. Recently, the Possibilistic Network (PN) has emerged as a complementary, or sometimes competing, model to the BN and has demonstrated superiority in computing with imprecise and/or incomplete data. A PN is based on the same principle as a BN, but it uses conditional possibilities rather than conditional probabilities to model causal relationships. Several researchers have compared BN and PN in many domains. In this paper, we are interested in comparing BN and PN in intrusion detection. The comparison criteria cover detection rate and false alarm rate. The experiments used the DARPA’99 data set. The comparison results show a global superiority of PN over BN when detecting intrusions. The main outcome of this research work is to develop an Intrusion Detection System (IDS) based on BN and/or PN, depending on the comparison results.



Paper Citation


in Harvard Style

Zaghdoud M. and Ben Ahmed M. (2006). COMPARATIVE STUDY BETWEEN BAYESIAN NETWORK AND POSSIBILISTIC NETWORK IN INTRUSION DETECTION. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006) ISBN 978-972-8865-63-4, pages 24-31. DOI: 10.5220/0002101200240031


in Bibtex Style

@conference{secrypt06,
author={Montaceur Zaghdoud and Mohamed Ben Ahmed},
title={COMPARATIVE STUDY BETWEEN BAYESIAN NETWORK AND POSSIBILISTIC NETWORK IN INTRUSION DETECTION},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)},
year={2006},
pages={24-31},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002101200240031},
isbn={978-972-8865-63-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)
TI - COMPARATIVE STUDY BETWEEN BAYESIAN NETWORK AND POSSIBILISTIC NETWORK IN INTRUSION DETECTION
SN - 978-972-8865-63-4
AU - Zaghdoud M.
AU - Ben Ahmed M.
PY - 2006
SP - 24
EP - 31
DO - 10.5220/0002101200240031