BAYESIAN-NETWORKS-BASED MISUSE AND ANOMALY PREVENTION SYSTEM

Pablo Garcia Bringas, Yoseba K. Penya, Stefano Paraboschi, Paolo Salvaneschi

2008

Abstract

Network Intrusion Detection Systems (NIDS) aim at preventing network attacks and unauthorised remote use of computers. More precisely, depending on the kind of attack it targets, an NIDS can be oriented to detect misuses (by defining all possible attacks) or anomalies (by modelling legitimate behaviour and detecting behaviour that does not fit that model). Still, since its problem knowledge is restricted to possible attacks, misuse detection fails to notice anomalies, and vice versa. Against this, we present here ESIDE-Depian, the first unified misuse and anomaly prevention system based on Bayesian Networks to analyse network packets completely, together with the strategy to create a consistent knowledge model that integrates misuse and anomaly-based knowledge. Finally, we evaluate ESIDE-Depian against well-known and new attacks, showing how it outperforms a well-established industrial NIDS.

Paper Citation


in Harvard Style

Garcia Bringas P., K. Penya Y., Paraboschi S. and Salvaneschi P. (2008). BAYESIAN-NETWORKS-BASED MISUSE AND ANOMALY PREVENTION SYSTEM. In Proceedings of the Tenth International Conference on Enterprise Information Systems - Volume 2: ICEIS, ISBN 978-989-8111-37-1, pages 62-69. DOI: 10.5220/0001702300620069

in Bibtex Style

@conference{iceis08,
author={Pablo Garcia Bringas and Yoseba K. Penya and Stefano Paraboschi and Paolo Salvaneschi},
title={BAYESIAN-NETWORKS-BASED MISUSE AND ANOMALY PREVENTION SYSTEM},
booktitle={Proceedings of the Tenth International Conference on Enterprise Information Systems - Volume 2: ICEIS},
year={2008},
pages={62-69},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001702300620069},
isbn={978-989-8111-37-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Tenth International Conference on Enterprise Information Systems - Volume 2: ICEIS
TI - BAYESIAN-NETWORKS-BASED MISUSE AND ANOMALY PREVENTION SYSTEM
SN - 978-989-8111-37-1
AU - Garcia Bringas P.
AU - K. Penya Y.
AU - Paraboschi S.
AU - Salvaneschi P.
PY - 2008
SP - 62
EP - 69
DO - 10.5220/0001702300620069