Abstract

Today Internet is more popular for many users and business applications such as banking, social networks, education, entertainment, scientific research, and recently cloud computing. The number of services provided by the internet service providers through Internet is rapidly increasing. For many applications security has become a serious issue for anyone connected to the Internet. Security should be provided by the ISPs to the Internet users in the form confidentiality, integrity, and authentication. These can be provided through IDS. In our paper we have proposed a simple, easy and efficient approach for building IDS using integrated model of Bayes Net with Hidden Markov Model. The first phase of the model is to build the Bayesian network using the dataset. Once the network is built the conditional probability or joint probability for each node can be determined. The Bayes network has been used as state transition diagram for HMM. The HMM parameters can be estimated using the Bayesian Network. We have used a standard kddcup99 dataset for building the model. This model can be able to differentiate the intruders from normal users with low false positive rate and high true positive rate. The model works for even high dimensional data streams with high performance detection rate and robust to noise.

References

• Staff. kfupm. edu. sa/DAD/sanaulla/work/TABU1. doc
• L. Rabiner, A tutorial on hidden markov models and selected applications in speech recognition, Proceedings of the IEEE 77 (2) (1989) 257–286.
• http://www. kdd. org/kddcup/index. php?section=1999&method=info
• http://www. omnisecu. com/security/infrastructure-and-email-security/types-of-intrusion-detection-systems. htm
• Hidden Markov Model: http://en. wikipedia. org/wiki/Hidden_Markov_model
• Intrusion Detection Systems - INTRODUCTION, DETECTION METHODOLOGIES: http://encyclopedia. jrank. org/articles/pages/6646/Intrusion-Detection-Systems. html
• Dorothy E. Denning. An intrusion detection model. IEEE Transactions on Software Engineering, SE-13(2):222–232, 1987.
• James P. Anderson. Computer security threat monitoring and surveillance. Technical report, James P. Anderson Co. , 1980.
• Richard Heady, George Luger, Arthur Maccabe, and Mark Servilla. The architecture of a network level intrusion detection system. Technical report, University of New Mexico, 1990.
• Frederick K. K. : Network Intrusion Detection Signatures. December 19, 2001, http://online. securityfocus. com/infocus/1524
• Elson D. :Intrusion Detection, Theory and Practice. March 27, 2000, http://online. securityfocus. com/infocus/ 1203
• Frederick K. K. : Network Intrusion Detection Signatures. December 19, 2001, http://online. securityfocus. com/infocus/1524.
• P Srinivasulu, D Nagaraju, P Ramesh Kumar, and K NageswaraRao, "Classifying the Network Intrusion Attacks using Data Mining Classification Methods and their Performance Comparison" JCSNS International Journal of Computer Science and Network Security, VOL. 9 No. 6, June 2009.
• Nagaraju Devarakonda, Srinivasulu Pamidi, V Valli Kumari, A Govardhan "Outliers Detection as Network Intrusion Detection System Using Multi Layered Framework" Advances in Computer Science and Information Technology: First International Conference on Computer Science and Information Technology, Springer, CCSIT 2011,Jan 2011.
• Bayes Nets: http://www. bayesnets. com/#BayesNetsStructureLearning
• A Brief Introduction to Graphical Models and Bayesian Networks: http://www. cs. ubc. ca/ ~murphyk/ Bayes/bnintro. html
• Bayesian Networks: http://www. autonlab. org/tutorials/bayesnet. html
• figment. cse. usf. edu/~sfefilat/data/papers/WeBCT8. 23. pdf
• www. cs. brown. edu/research/ai/dynamics/tutorial/Documents/HiddenMarkovModels. html