Intrusion Detection based on "Hybrid" Propagation in Bayesian Networks

The goal of a network-based intrusion detection system (IDS) is to identify malicious behavior that targets a network and its resources. Intrusion detection parameters are numerous and in many cases they present uncertain and imprecise causal relationships which can affect attack types. A Bayesian Network (BN) is known as graphical modeling tool used to model decision problems containing uncertainty. In this paper, a BN is used to build automatic intrusion detection system based on signature recognition. A major difficulty of this system is that the uncertainty on parameters can have two origins. The first source of uncertainty comes from the uncertain character of information due to a natural variability resulting from stochastic phenomena. The second source of uncertainty is related to the imprecise and incomplete character of information due to a lack of knowledge. The goal of this work is to propose a method to propagate both the stochastic and the epistemic uncertainties, coming respectively from the uncertain and imprecise character of information, through the bayesian model, in an intrusion detection context.