Augmentation of Intrusion Detection Systems Through the Use of Bayesian Network Analysis

No Thumbnail Available

Date

2006-05-03

Journal Title

Series/Report No.

Journal ISSN

Volume Title

Publisher

Abstract

The purpose of this research has been to increase the effectiveness of Intrusion Detection Systems in the enforcement of computer security. Current preventative security measures are clearly inadequate as evidenced by constant examples of compromised computer security seen in the news. Intrusion Detection Systems have been created to respond to the inadequacies of existing preventative security methods. This research presents the two main approaches to Intrusion Detection Systems and the reasons that they too fail to produce adequate security. Promising new methods are attempting to increase the effectiveness of Intrusion Detection Systems with one of the most interesting approaches being that taken by the TIAA system. The TIAA system uses a method based on employing prerequisites and consequences of security attacks to glean cohesive collections of attack data from large data sets. The reasons why the TIAA approach ultimately fails are discussed, and the possibility of using the TIAA system as a preprocessor for recognizing novel attacks is then presented along with the types of data this approach will produce. In the course of this research the VisualBayes software package was created to make use of the data generated by the TIAA system. VisualBayes is a complete graphical system for the creation, manipulation, and evaluation of Bayesian networks. The VisualBayes also uses the Bayesian networks to create a visualization of observations and the probabilities that result from them. This is a new feature that has not been seen in other Bayesian systems up to this point.

Description

Keywords

Intrusion Detection Systems, Bayesian Networks

Citation

Degree

MS

Discipline

Computer Science

Collections