Intrusion Detection using Continuous Time Bayesian Networks

by Jing Xu, et al.

Intrusion detection systems (IDSs) fall into two high-level categories: network-based systems (NIDS) that monitor network behaviors, and host-based systems (HIDS) that monitor system calls. In this work, we present a general technique for both systems. We use anomaly detection, which identifies patterns not conforming to a historic norm. In both types of systems, the rates of change vary dramatically over time (due to burstiness) and over components (due to service difference). To efficiently model such systems, we use continuous time Bayesian networks (CTBNs) and avoid specifying a fixed update interval common to discrete-time models. We build generative models from the normal training data, and abnormal behaviors are flagged based on their likelihood under this norm. For NIDS, we construct a hierarchical CTBN model for the network packet traces and use Rao-Blackwellized particle filtering to learn the parameters. We illustrate the power of our method through experiments on detecting real worms and identifying hosts on two publicly available network traces, the MAWI dataset and the LBNL dataset. For HIDS, we develop a novel learning method to deal with the finite resolution of system log file time stamps, without losing the benefits of our continuous time model. We demonstrate the method by detecting intrusions in the DARPA 1998 BSM dataset.
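To make the generative, likelihood-based flagging concrete, the following is an added example (not the paper's code): a single-node CTBN, i.e. a continuous-time Markov chain over system-call states, fit by smoothed maximum likelihood on constructed "normal" traces and used to score test traces without any fixed update interval. The state set, pseudocount, unknown-call bucket, thresholding policy and all trace data are assumptions made for illustration, and timestamps are taken as exact (the paper's HIDS method additionally handles coarse log-file resolution).

```python
import math
from collections import defaultdict
ALPHA = 0.5        # pseudocount: unseen transitions keep non-zero mass (assumption)
UNK = "<unk>"      # bucket for syscalls absent from training (assumption)
STATES = ["open", "read", "write", "close", UNK]
canon = lambda s: s if s in STATES else UNK
def fit_ctmc(traces):
    """Smoothed MLE from traces of (seconds, syscall) pairs. Sufficient statistics:
    T[x] = time spent in x, M[x][y] = jumps x->y. Timestamps are assumed exact."""
    T, M = defaultdict(float), defaultdict(lambda: defaultdict(int))
    for trace in traces:
        for (t0, s0), (t1, s1) in zip(trace, trace[1:]):
            s0, s1 = canon(s0), canon(s1)
            T[s0] += t1 - t0           # dwell time; no fixed update interval needed
            if s1 != s0:               # a repeated call extends the sojourn, no jump
                M[s0][s1] += 1
    params = {}
    for x in STATES:
        m = sum(M[x].values())
        q = (m + ALPHA) / (T[x] + ALPHA)                   # rate of leaving x
        theta = {y: (M[x][y] + ALPHA) / (m + ALPHA * (len(STATES) - 1))
                 for y in STATES if y != x}                # where x jumps to
        params[x] = (q, theta)
    return params

def log_likelihood(params, trace):
    """A sojourn of length d in x contributes exp(-q_x d); a jump x->y adds q_x*theta_x(y)."""
    ll = 0.0
    for (t0, s0), (t1, s1) in zip(trace, trace[1:]):
        s0, s1 = canon(s0), canon(s1)
        q, theta = params[s0]
        ll -= q * (t1 - t0)
        if s1 != s0:
            ll += math.log(q) + math.log(theta[s1])
    return ll

def anomaly_score(params, trace):
    """Negative log-likelihood per interval; higher means less like the training norm."""
    return -log_likelihood(params, trace) / (len(trace) - 1)

def threshold_from_normal(params, traces, margin=0.5):
    """Flag anything above the worst normal training score plus a margin (assumed policy)."""
    return max(anomaly_score(params, t) for t in traces) + margin
def make_trace(pattern, dwell):   # constructed sample data: one call every `dwell` seconds
    return [(i * dwell, s) for i, s in enumerate(pattern)]
CYCLE = ["open", "read", "write", "close"]
NORMAL_TRACES = [make_trace(CYCLE * 5, d) for d in (0.2, 0.25, 0.3)]
NORMAL_TEST = make_trace(CYCLE * 2, 0.25)
SUSPECT_TEST = make_trace(["open", "execve", "chmod", "execve", "write", "close"], 0.25)
```

With these constructed traces the normal test trace scores below the learned threshold while the trace containing calls never seen in training scores well above it; a real HIDS would add per-process or per-service nodes to the CTBN, as the paper's hierarchical model does for network traces.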
