Application of Bayesian Network in Computer Networks Raza H. Abedi


Misuse-Based Intrusion Detection Using Bayesian Networks

• Introduction
  – NIDS
  – Snort
  – Bayesian System for Intrusion Detection (Basset)
  – Misuse Based
  – Anomaly Based
  – The misuse-based system is studied in this paper
  – Goal is to provide better detection capabilities and a lower chance of false alarms


Problem Identification

• There will always be a possibility that a fingerprint matches a legitimate packet

• Because some fingerprints contain a detailed description, an attacker who changes only the port number may cause the malicious packet to be treated as a legitimate packet

• Snort treats each event individually; it cannot analyze any link between related flows of packets. Some attack scenarios involve three different phases: reconnaissance, the actual attack and post-attack activity


Problem Identification

• It is not possible to gather information about the computer that is the intended target of the attack. Insignificant alarms could be raised without an actual threat

• The system has no learning capability: all rules are human-made, so the program cannot modify them in any way


Solution


Solution


A Probabilistic Approach for Network Intrusion Detection

• Introduction
  – The aim is to propose a probabilistic approach for detecting intrusions using a Bayesian Network
  – Three variations of BN (Naïve BN, Learned BN and Handcrafted BN) were evaluated, from which the optimal BN was obtained
  – Three categories of attack were considered (DoS, Probing, Remote to Local and User to Root)
  – The data set consists of around half a million records; the records are split into 80% and 20% for the training and testing phases


Problem Definition

• To select, after evaluation, which type of BN is optimal in our scenario

• 80% of the data is first used for structure building, and the remaining 20% is used to obtain the classification accuracies of the BNs
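
A naïve BN trained and scored with the 80/20 split described above, reporting accuracy per category. This is an added example, not code from the presentation or the paper it summarizes; the connection records, the three features and all function names are constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed connection records (protocol, service, flag) -> category; not real traffic.
PATTERNS = [
    (("tcp", "http", "SF"), "Normal", 30),
    (("tcp", "telnet", "SF"), "Normal", 10),
    (("tcp", "http", "S0"), "DoS", 30),
    (("tcp", "private", "REJ"), "Probe", 20),
    (("tcp", "ftp", "SF"), "R2L", 10),
    (("tcp", "telnet", "SF"), "U2R", 5),  # rare category that overlaps with Normal
]
RECORDS = [(x, y) for x, y, n in PATTERNS for _ in range(n)]

def split_80_20(records):
    """Every fifth record goes to the test set, the rest to training."""
    train = [r for i, r in enumerate(records) if i % 5 != 4]
    test = [r for i, r in enumerate(records) if i % 5 == 4]
    return train, test

def train_naive_bn(train):
    """Naive BN: the class node is the only parent of every feature node."""
    priors = Counter(y for _, y in train)
    counts = defaultdict(Counter)  # (class, feature index) -> value counts
    values = defaultdict(set)      # feature index -> distinct values seen
    for x, y in train:
        for j, v in enumerate(x):
            counts[(y, j)][v] += 1
            values[j].add(v)
    return priors, counts, values, len(train)

def classify(model, x):
    priors, counts, values, n = model
    def log_posterior(c):
        lp = math.log(priors[c] / n)
        for j, v in enumerate(x):  # Laplace smoothing avoids log(0)
            lp += math.log((counts[(c, j)][v] + 1) / (priors[c] + len(values[j])))
        return lp
    return max(priors, key=log_posterior)

def per_category_accuracy(model, test):
    hit, total = Counter(), Counter()
    for x, y in test:
        total[y] += 1
        hit[y] += classify(model, x) == y
    return {c: 100.0 * hit[c] / total[c] for c in total}

def evaluate():
    train, test = split_80_20(RECORDS)
    return per_category_accuracy(train_naive_bn(train), test)
```

On this constructed data the single U2R test record is assigned to Normal, so overall accuracy is 20 of 21 while the U2R row is 0; scoring each category separately is what makes that visible.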


Proposed IDS Architecture


Solution


Solution


Solution


Results

Category   Naïve BN   Learned BN   Handcrafted BN
Normal     99.85      99.77        99.85
DoS        99.43      99.97        99.92
Probe      99.27      99.64        99.51
R2L        96.44      79.56        97.33
U2R        50.00      0.00         60.00


A Bayesian Network Based Trust Model for Improving Collaboration in Mobile Ad hoc Networks

• Introduction
  – Mobile Ad hoc Network
  – Model evaluates trust in a server with direct experience and recommendations from other nodes in MANET
  – A BN-based trust model is proposed and evaluated through simulation, which shows that the model is optimal in selecting the best server among a set of eligible servers


Problem Identification

• A mobile ad hoc network consists of a number of nodes communicating with each other without any central control or hierarchy

• It is impossible to ascertain which node is malicious and which is legitimate

• Trust must be established before a node starts communicating with any of the available servers.


Solution


Result


BNWSN: Bayesian Network Trust Model for Wireless Sensor Model

• Introduction
  – Wireless Sensor Networks (WSN)
  – Communication Trust
  – Data Trust
  – The research work and simulation consider both communication trust and data trust in the model
  – “The subjective probability by which node A depends on node B to fulfill its promises in performing an action and at the same time being reliable in reporting its sensed data”


Problem Definition

• Trust management in WSNs is predominantly based on routing messages

• A trust model based on communication only is unreliable and misleading

• There is no evaluation of sensed data in the trust model (data trust)

• How much trust is enough

• Which components should be included to decide on trust (called data trust)


Solution


Multiplication of Beta and Normal Distribution


Results


Results


Results