An Uncertain Reasoning-Based Intrusion Detection System for DoS/DDoS Detection

Harpreet Singh, Habib Louafi, Yiyu Yao

2024

Abstract

Network intrusion detection systems (NIDS) play an important role in cybersecurity, but they face obstacles such as unpredictability and computational complexity. To solve these challenges, we propose a novel probabilistic NIDS that detects DoS and DDoS attacks carried out on the TCP, UDP, and ICMP protocols. Our method incorporates knowledge from the fields of these protocols using Bayesian networks (BN) and Markov networks (MN). Inference is performed using Variable Elimination (VE) for BN and Shafer-Shenoy (SS) Propagation, as well as Lazy Propagation (LP) for MN. Extensive tests on the CAIDA dataset have yielded promising results, with higher Precision, Recall, and F1-Score metrics. Notably, both SS and LP are efficient, demonstrating the effectiveness of our proposed NIDS in improving network security.


Paper Citation


in Harvard Style

Singh H., Louafi H. and Yao Y. (2024). An Uncertain Reasoning-Based Intrusion Detection System for DoS/DDoS Detection. In Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-709-2, SciTePress, pages 771-776. DOI: 10.5220/0012794400003767


in Bibtex Style

@conference{secrypt24,
author={Harpreet Singh and Habib Louafi and Yiyu Yao},
title={An Uncertain Reasoning-Based Intrusion Detection System for DoS/DDoS Detection},
booktitle={Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2024},
pages={771-776},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012794400003767},
isbn={978-989-758-709-2},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - An Uncertain Reasoning-Based Intrusion Detection System for DoS/DDoS Detection
SN - 978-989-758-709-2
AU - Singh H.
AU - Louafi H.
AU - Yao Y.
PY - 2024
SP - 771
EP - 776
DO - 10.5220/0012794400003767
PB - SciTePress