anomaly based intrusion detection system using naive bayesian and hidden markov models by jonathan...
Anomaly Based Intrusion Detection System Using Naive Bayesian and Hidden Markov Models
By Jonathan Lally
ID: 12211753
Email: [email protected]

Misuse Detectors
Advantages
• Known attacks
• Quick
Disadvantages
• Regular patches
• Adaptive attackers

Anomaly Detectors
Advantages
◦ Powerful
◦ Blocks Unknown Attacks
Disadvantages
◦ Slow
◦ False Positives
◦ Training

Naive Bayesian Model
Probability distribution of packet type
Average connection: < 3 RSTs, 8 SYNs, 48 ACKs, 1 FIN/ACKs, 40 PSH/ACKs >
DoS attack: < 0 RSTs, 100 SYNs, 0 ACKs, 0 FIN/ACKs, 0 PSH/ACKs >
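
Added example (not from the original slides): one way to score a window of TCP flag counts against the average-connection distribution given above. It assumes a multinomial model with Laplace smoothing and a constructed threshold margin; the function names and the NOISY_NORMAL window are hypothetical.

```python
import math

FLAGS = ("RST", "SYN", "ACK", "FIN/ACK", "PSH/ACK")
AVERAGE_CONNECTION = (3, 8, 48, 1, 40)   # from the slide
DOS_ATTACK = (0, 100, 0, 0, 0)           # from the slide
NOISY_NORMAL = (2, 10, 45, 2, 41)        # constructed sample window


def train(counts, alpha=1.0):
    """Estimate P(flag) from baseline counts. Laplace smoothing (alpha) keeps
    a flag never seen in training from getting probability zero."""
    total = sum(counts) + alpha * len(counts)
    return [(c + alpha) / total for c in counts]


def score(probs, counts):
    """Mean log-likelihood per packet, treating packets as independent draws
    (the naive assumption). Dividing by the packet count makes windows of
    different sizes comparable."""
    n = sum(counts)
    if n == 0:
        raise ValueError("window contains no packets")
    return sum(c * math.log(p) for c, p in zip(counts, probs)) / n


def is_anomalous(probs, counts, threshold):
    return score(probs, counts) < threshold


def top_contributor(probs, counts):
    """Flag responsible for the largest share of the (negative) score."""
    costs = [-c * math.log(p) for c, p in zip(counts, probs)]
    return FLAGS[costs.index(max(costs))]


MODEL = train(AVERAGE_CONNECTION)
# Assumed threshold: the baseline's own score minus a constructed margin of 1.0.
THRESHOLD = score(MODEL, AVERAGE_CONNECTION) - 1.0

if __name__ == "__main__":
    for name, window in [("average", AVERAGE_CONNECTION),
                         ("noisy normal", NOISY_NORMAL),
                         ("DoS", DOS_ATTACK)]:
        print(f"{name:12s} score={score(MODEL, window):6.3f} "
              f"anomalous={is_anomalous(MODEL, window, THRESHOLD)} "
              f"top={top_contributor(MODEL, window)}")
```

The margin trades false positives against missed detections, the anomaly-detector disadvantage listed earlier; in practice it would be tuned on held-out normal traffic.
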

Previous Experiments
Naive Bayesian based IDS: Vijayasarathy, R., Raghavan, S. V., & Ravindran, B., "A system approach to network modeling for DDoS detection using a Naïve Bayesian classifier", 2011.
Hidden Markov Model: Rangadurai Karthick, R., Hattiwale, V. P., & Ravindran, B., "Adaptive network intrusion detection system using a hybrid approach", 2012.

This Experiment: Time based Training data