Title
An Intrusion Plan Recognition Algorithm Based on Max-1-Connected Causal Networks
Abstract
Intrusion plan prediction and recognition is a critical and challenging task for NIDS. Among several approaches proposed so far, probability inference using causal network seems to be one of the most promising mechanisms. Our analysis shows that the polytree is limited in its expressiveness, and belief updating in max-k-connected networks is hard for all k ≥ 2 [12]. To find a tradeoff between expressive power and inference efficiency, this paper extends the structure of causal network from polytree to max-1-connected Bayesian network, and proposes a new intrusion plan prediction algorithm IPR on it. We evaluate the approach using LLOS1.0, and the results demonstrate that IPR can predict the occurrence probability of DDOS when Sandmind attack occurs to gain root privilege, and then confirm the prediction in the beginning of Syn flooding.
Year
2007
DOI
10.1007/978-3-540-72590-9_122
Venue
International Conference on Computational Science (4)
Keywords
max-1-connected bayesian network, max-1-connected causal networks, intrusion plan prediction, new intrusion plan prediction, probability inference, occurrence probability, intrusion plan recognition algorithm, sandmind attack, max-k-connected network, inference efficiency, algorithm ipr, causal network, bayesian network, expressive power
DocType
Conference
Volume
4490
ISSN
0302-9743
Citations
2
PageRank
0.36
References
12
Authors
2
Name
Order
Citations
PageRank
Zhuo Ning141.07
Jian Gong23612.67