A Naive Bayes Approach for Detecting Coordinated Attacks

CC
COMPSAC
2008
2008 32nd Annual IEEE International Computer Software and Applications Conference
Abstract - A Naive Bayes Approach for Detecting Coordinated Attacks

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Salem Benferhat Articles by Tayeb Kenaza Articles by Aicha Mokhtari

2008 32nd Annual IEEE International Computer Software and Applications Conference

July 28-August 01

ISBN: 978-0-7695-3262-2

	ASCII Text	x
	Salem Benferhat, Tayeb Kenaza, Aicha Mokhtari, "A Naive Bayes Approach for Detecting Coordinated Attacks," Computer Software and Applications Conference, Annual International, pp. 704-709, 2008 32nd Annual IEEE International Computer Software and Applications Conference, 2008.

	BibTex	x
	@article{ 10.1109/COMPSAC.2008.213, author = {Salem Benferhat and Tayeb Kenaza and Aicha Mokhtari}, title = {A Naive Bayes Approach for Detecting Coordinated Attacks}, journal ={Computer Software and Applications Conference, Annual International}, volume = {0}, year = {2008}, issn = {0730-3157}, pages = {704-709}, doi = {http://doi.ieeecomputersociety.org/10.1109/COMPSAC.2008.213}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Software and Applications Conference, Annual International TI - A Naive Bayes Approach for Detecting Coordinated Attacks SN - 0730-3157 SP704 EP709 A1 - Salem Benferhat, A1 - Tayeb Kenaza, A1 - Aicha Mokhtari, PY - 2008 KW - Bayesian networks KW - IDS KW - coordinated attacks VL - 0 JA - Computer Software and Applications Conference, Annual International ER -

Salem Benferhat

Tayeb Kenaza

Aicha Mokhtari

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/COMPSAC.2008.213

Alert correlation is a very useful mechanism to reduce the high volume of reported alerts and to detect complex and coordinated attacks. Existing approaches either require a large amount of expert knowledge or use simple similarity measures that prevent detecting complex attacks. They also suffer from high computational issues due, for instance, to a high number of possible scenarios. In this paper, we propose a naive bayes approach to alert correlation. Our modeling only needs a small part of expert knowledge. It takes advantage of available historical data, and provides efficient algorithms for detecting and predicting most plausible scenarios. Our approach is illustrated using the well known DARPA 2000 data set.

Index Terms:

Bayesian networks, IDS, coordinated attacks

Citation:

Salem Benferhat, Tayeb Kenaza, Aicha Mokhtari, "A Naive Bayes Approach for Detecting Coordinated Attacks," compsac, pp.704-709, 2008 32nd Annual IEEE International Computer Software and Applications Conference, 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.