Augmentation of Intrusion Detection Systems Through the Use of Bayesian Network Analysis
Date
2006-05-03
Abstract
The purpose of this research has been to increase the effectiveness of Intrusion Detection Systems in the enforcement of computer security. Current preventative security measures are clearly inadequate, as evidenced by constant examples of compromised computer security seen in the news. Intrusion Detection Systems have been created to respond to the inadequacies of existing preventative security methods. This research presents the two main approaches to Intrusion Detection Systems and the reasons that they too fail to produce adequate security. Promising new methods are attempting to increase the effectiveness of Intrusion Detection Systems, with one of the most interesting approaches being that taken by the TIAA system. The TIAA system uses a method based on employing prerequisites and consequences of security attacks to glean cohesive collections of attack data from large data sets. The reasons why the TIAA approach ultimately fails are discussed, and the possibility of using the TIAA system as a preprocessor for recognizing novel attacks is then presented along with the types of data this approach will produce. In the course of this research, the VisualBayes software package was created to make use of the data generated by the TIAA system. VisualBayes is a complete graphical system for the creation, manipulation, and evaluation of Bayesian networks. VisualBayes also uses the Bayesian networks to create a visualization of observations and the probabilities that result from them. This is a new feature that has not been seen in other Bayesian systems up to this point.
Keywords
Intrusion Detection Systems, Bayesian Networks
Degree
MS
Discipline
Computer Science