Extending Signature-based Intrusion Detection Systems With Bayesian Abductive Reasoning
dc.contributor.author | Ganesan, Ashwinkumar | |
dc.contributor.author | Parameshwarappa, Pooja | |
dc.contributor.author | Peshave, Akshay | |
dc.contributor.author | Chen, Zhiyuan | |
dc.contributor.author | Oates, Tim | |
dc.date.accessioned | 2019-04-19T19:13:19Z | |
dc.date.available | 2019-04-19T19:13:19Z | |
dc.date.issued | 2019-03-28 | |
dc.description.abstract | Evolving cybersecurity threats are a persistent challenge for system administrators and security experts as new malware is continually released. Attackers may look for vulnerabilities in commercial products or execute sophisticated reconnaissance campaigns to understand a target’s network and gather information on security products like firewalls and intrusion detection / prevention systems (network or host-based). Many new attacks tend to be modifications of existing ones. In such a scenario, rule-based systems fail to detect the attack, even though there are minor differences in conditions / attributes between rules to identify the new and existing attack. To detect these differences, the IDS must be able to isolate the subset of conditions that are true and predict the likely conditions (different from the original) that must be observed. In this paper, we propose a probabilistic abductive reasoning approach that augments an existing rule-based IDS (snort [29]) to detect these evolved attacks by (a) predicting rule conditions that are likely to occur (based on existing rules) and (b) generating new snort rules when provided with a seed rule (i.e. a starting rule) to reduce the burden on experts to constantly update them. We demonstrate the effectiveness of the approach by generating new rules from the snort 2012 rules set and testing it on the MACCDC 2012 dataset. | en_US |
dc.description.sponsorship | This research is being conducted in the UMBC Accelerated Cognitive Computing Lab (ACCL) that is supported in part by a gift from IBM Research. We thank the other members of the ACCL Lab for their input, suggestions and guidance in developing this system. | en_US |
dc.description.uri | https://arxiv.org/abs/1903.12101 | en_US |
dc.format.extent | 10 pages | en_US |
dc.genre | journal articles preprints | en_US |
dc.identifier | doi:10.13016/m2r7vz-rgfh | |
dc.identifier.citation | Ashwinkumar Ganesan, Pooja Parameshwarappa, Akshay Peshave, Zhiyuan Chen, Tim Oates, Extending Signature-based Intrusion Detection Systems With Bayesian Abductive Reasoning, 2019, https://arxiv.org/abs/1903.12101 | en_US |
dc.identifier.uri | http://hdl.handle.net/11603/13475 | |
dc.language.iso | en_US | en_US |
dc.relation.isAvailableAt | The University of Maryland, Baltimore County (UMBC) | |
dc.relation.ispartof | UMBC Computer Science and Electrical Engineering Department Collection | |
dc.relation.ispartof | UMBC Faculty Collection | |
dc.relation.ispartof | UMBC Student Collection | |
dc.relation.ispartof | UMBC Information Systems Department | |
dc.rights | This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author. | |
dc.subject | abductive reasoning | en_US |
dc.subject | bayesian networks | en_US |
dc.subject | intrusion detection system | en_US |
dc.subject | cybersecurity | en_US |
dc.title | Extending Signature-based Intrusion Detection Systems With Bayesian Abductive Reasoning | en_US |
dc.type | Text | en_US |