

Predicting intrusion goal using dynamic Bayesian network with transfer probability estimation
Authors: Li Feng, Wei Wang, Lina Zhu, Yi Zhang
Affiliation: 1. Center of Dependable and Secure Computing (CDSC) of WuHan Digital Engineering Institute, WuHan, Hubei Province 430074, China; 2. French National Institute for Research in Computer Science and Control (INRIA) Sophia Antipolis, France; 3. State Key Laboratory for Manufacturing Systems (SKLMS) and MOE Key Lab for Intelligent Networks and Network Security (KLINNS), Xi’an Jiaotong University, Xi’an, China; 1. LDCSEE, West Virginia University, Morgantown, WV, United States; 2. Computer Science Laboratory, SRI, Menlo Park, CA, United States; 3. Life Sciences Division, Lawrence Berkeley National Lab, Berkeley, CA, United States; 1. Dept. of Software Convergence Technology, Ajou University, San 5 Wonchon-dong Youngtong-gu, Suwon, Gyeonggi-Do 443-749, South Korea; 2. Dept. of Computer Engineering, Graduate School, Ajou University, Suwon 443-749, South Korea; 3. IP Service Team, Korea Institute of Patent Information, Seoul 146-8, South Korea; 1. Center for Mobile Cloud Computing Research (C4MCCR), University of Malaya, 50603 Kuala Lumpur, Malaysia; 2. Department of Computer Science, University of Engineering and Technology Peshawar, Peshawar 2500, Pakistan; 3. Faculty of Computer Science and Information Technology, University of Malaya, 50603 Kuala Lumpur, Malaysia; 4. Center of Excellence in Information Assurance (CoEIA), King Saud University, Riyadh, Saudi Arabia; 5. Faculty of Computer System and Software Engineering, Universiti Malaysia Pahang, 26300 Gambang, Malaysia; 1. Department of Computer Science, Federal Urdu University of Arts Science & Technology, Pakistan; 2. Centre for Communication Systems Research, Department of Electronic Engineering, University of Surrey, UK; 1. Department of Electrical and Computer Engineering, Ecole de Technologie Superieure (ETS), Montreal, Canada; 2. Department of Electrical and Computer Engineering, Concordia University, Montreal, Canada
Abstract: Predicting the intentions of an observed agent and taking corresponding countermeasures is an essential part of future proactive intrusion detection systems (IDS) and intrusion prevention systems (IPS). In this paper, an approach based on a dynamic Bayesian network with transfer probability estimation was developed to predict whether the goal of a system call sequence is normal or not and to launch early warnings, so that appropriate countermeasures can be taken in advance. A complete set of system call state transfers can hardly be built in real environments, and the empirical results show that newly emerging system call transfers have a great impact on prediction performance if the dynamic Bayesian network is used directly, without transfer probability estimation. Therefore, we estimate the probability of new state transfers and use it, together with the transfers in the conditional probability table (CPT), to predict the goals of system call sequences. This overcomes the difficulty of manually selecting compensating parameters in the dynamic Bayesian network approach [Feng L, Guan X, Guo S, Gao Y, Liu P. Predicting the intrusion intentions by observing system call sequences. Computers & Security 2004; 23/3: 241–252] and clearly makes our prediction model more applicable. The University of New Mexico (UNM) and KLINNS data sets were analyzed, and the experimental results show that the approach performs very well, predicting the goals of system call sequences with high accuracy, and furthermore dispenses with much of the manual work of selecting compensating parameters.