2003
DOI: 10.1007/978-3-540-24580-3_40
Using CLIPS to Detect Network Intrusions

Abstract: We describe how to build a network intrusion detection sensor by slightly modifying NASA's CLIPS source code to introduce some new features. An overview of the system is presented, emphasizing the strategies used to inter-operate between the packet capture engine written in C and CLIPS. Some extensions were developed in order to manipulate timestamps, multiple string pattern matching and certainty factors. Several Snort functions and plugins were adapted and used for packet decoding and preprocessing. A rule tra…

Cited by 8 publications (6 citation statements)
References 9 publications
“…Thereby, Snort 1 (a rule-based state of the art Misuse Detection System, see (Roesch, 1999)), has been integrated to improve the training procedure to increase the accuracy of ESIDE-Depian. Following a strategy proven successful in this area, (Alipio et al, 2003), the reasoning engine we present here is composed of a number of Bayesian experts working over a common knowledge representation model. The Bayesian experts must cover all possible areas where a menace may rise.…”
Section: Architecture (mentioning, confidence: 99%)
“…Please note that this sequence only applies for the standard generation process followed by the Packet Header Parameter Analysis experts (see Figure 2). We have divided the network traffic according to its type (TCP-IP, UDP-IP and ICMP-IP) and created three Bayesian networks (experts) to analyse their respective packet headers (which is a strategy already proven successful in this area (Alípio et al, 2003)). Moreover, in order to cover all possible kind of menaces, we also have to take into account the payload (i.e.…”
Section: Bayesian Network Obtaining Process (mentioning, confidence: 99%)
“…Different approaches to develop network misuse detectors include expert systems (Alípio et al, 2003), intent-specification languages (Doyle et al, 2001), intelligent agent systems (Helmer et al, 2003) or rule-induction systems (Kantzavelou & Katsikas, 1997) (in (Kabiri & Ghorbani, 2005) the reader can obtain a detailed analysis of related work in this area).…”
Section: Related Work (mentioning, confidence: 99%)
“…Thereby, Snort (a rule-based state of the art Misuse Detection System (Roesch, 1999)), has been integrated to improve the training procedure to increase the accuracy of ESIDE-Depian. Following a strategy proven successful in this area (Alipio et al, 2003), the reasoning engine we present here is composed of a number of Bayesian experts working over a common knowledge model. The Bayesian experts must cover all possible areas where a menace may rise.…”
Section: Architecture and Approach (mentioning, confidence: 99%)
“…Anomaly Detection Systems, however, cannot compete with Misuse Detection ones when it comes to detect well-known attacks; therefore, each approach fails when it comes to the other's area of expertise. Now, several paradigms have been used to develop diverse NIDS approaches (a detailed analysis of related work in this area can be found for instance in (Kabiri and Ghorbani, 2005)): Expert Systems (Alipio et al, 2003), Finite Automatons (Vigna et al, 2000), Rule Induction Systems (Kantzavelou and Katsikas, 1997), Neural Networks (Mukkamala et al, 2005), Intent Specification Languages (Doyle et al, 2001), Genetic Algorithms (Kim et al, 2005), Fuzzy Logic (Chavan et al, 2004), Support Vector Machines (Mukkamala et al, 2005), Intelligent Agent Systems (Helmer et al, 2003) or Data-Mining-based approaches (Lazarevic et al, 2003). Still, none of them tries to combine anomaly and misuse detection and fail when applied to either well-known or zero-day attacks.…”
Section: Introduction (mentioning, confidence: 99%)