
Next-generation Misuse and Anomaly Prevention System



ICEIS, 2008, p. 117-129.


"Network Intrusion Detection Systems (NIDS) aim at preventing network attacks and unauthorised remote use of computers. More accurately, depending on the kind of attack it targets, an NIDS can be oriented to detect misuses (by defining all possible attacks) or anomalies (by modelling legitimate behaviour and detecting those that do not fit on that model). Still, since their problem knowledge is restricted to possible attacks, misuse detection fails to notice anomalies and vice versa. Against this, we present here ESIDE-Depian, the first unified misuse and anomaly prevention system based on Bayesian Networks to analyse completely network packets, and the strategy to create a consistent knowledge model that integrates misuse and anomaly-based knowledge. The training process of the Bayesian network may become intractable very fast in some extreme situations; we present also a method to cope with this problem. Finally, we evaluate ESIDE-Depian against well-known and new attacks showing how it outperforms a well-established industrial NIDS."
