http://dx.doi.org/10.5391/JKIIS.2014.24.5.495

IDS Model using Improved Bayesian Network to improve the Intrusion Detection Rate  

Choi, Bomin (Department of Security Technology Team, Korea Internet & Security Agent)
Lee, Jungsik (Agency for Defense Development)
Han, Myung-Mook (Department of Computer Engineering, Gachon University)
Publication Information
Journal of the Korean Institute of Intelligent Systems / v.24, no.5, 2014, pp. 495-503
Abstract
Recently, intrusion detection systems that collect and analyze network data such as packets and logs have been actively studied as a response to network threats in the computer security field. In particular, a Bayesian network has the advantage of inference functionality that can infer from only part of the provided data, so intrusion detection systems based on Bayesian networks have been studied previously. However, those models were limited in the detection performance they could achieve because they did not consider problems such as the complexity of the relations among network packets or the processing of continuous input data. Therefore, in this paper we propose two methodologies based on K-means clustering that improve the detection rate by addressing the problems of prior models. First, the detection rate can be improved by setting the interval ranges of nodes more precisely using K-means clustering. Second, it can be improved by calculating a robust CPT (conditional probability table) through weighted learning based on K-means clustering. We conducted experiments to evaluate the proposed methodologies by comparing K_WTAN_EM, which applies both of them, with prior models. In the experimental results, the detection rate of the proposed model is about 7.78% higher than that of the existing NBN (Naive Bayesian Network) IDS model and about 5.24% higher than that of the TAN (Tree Augmented Bayesian Network) IDS model, which demonstrates the effectiveness of the proposed ideas.
Keywords
Intrusion Detection System (IDS); Bayesian Network; K-means Clustering; Intrusion Detection Rate