A decentralized bayesian attack detection algorithm for network security

Kien C. Nguyen, Tansu Alpcan, Tamer Başar

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Decentralized detection has been an active area of research since the late 1970s. Its earliest application area was distributed radar systems, and more recently it has found applications in sensor networks and intrusion detection. The most popular decentralized detection network structure is the parallel configuration, in which a number of sensors are directly connected to a fusion center. The sensors receive measurements related to an event and then send summaries of their observations to the fusion center. Previous work has focused either on separate optimization of the quantization rules at the sensors and the fusion rule at the fusion center, or on asymptotic results when the number of sensors is very large and the observations are conditionally independent and identically distributed given each hypothesis. In this work, we examine the application of decentralized detection to intrusion detection, again with the parallel configuration but with joint optimization. In particular, using the Bayesian approach, we seek a joint optimization of the quantization rules at the sensors and the fusion rule at the fusion center. The observations of the sensors are not assumed to be conditionally independent or identically distributed. We consider the discrete case, where the distributions of the observations are given as probability mass functions. We propose a search algorithm for the optimal solution. Simulations carried out using the KDD'99 intrusion detection dataset show that the algorithm performs well.
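The setting the abstract describes, as an added worked example that is not the paper's code: two sensors each quantize a three-level discrete observation to one bit, a fusion center maps the bit pair to a decision, and the two quantizers and the fusion rule are chosen jointly to minimise Bayes risk. The joint PMFs, priors and costs are constructed numbers (not KDD'99 statistics), the sensors are deliberately correlated so the conditional-independence assumption does not hold, and the search is plain exhaustive enumeration rather than the paper's own search algorithm. A centralized MAP detector that sees the raw observations is computed alongside as a lower bound, so the cost of sending one-bit summaries is visible.

```python
"""Toy decentralized Bayesian detection in the parallel configuration.

Added illustration, not the paper's code. Exhaustive enumeration stands in for
the paper's search algorithm because the toy problem is tiny. Priors, costs and
the joint PMFs below are constructed sample numbers.
"""
from itertools import product

H0, H1 = 0, 1                   # H0: normal traffic, H1: attack
PRIOR = {H0: 0.9, H1: 0.1}      # constructed prior: attacks are rare
COST_FA, COST_MISS = 1.0, 5.0   # constructed costs: a miss is worse than a false alarm
ALPHABET = (0, 1, 2)            # each sensor observes one of three discrete levels

# Constructed joint PMFs P(y1, y2 | H). They are deliberately not products of
# their marginals: the two sensors are correlated, as the abstract allows.
PMF = {
    H0: {(0, 0): 0.50, (0, 1): 0.15, (0, 2): 0.05,
         (1, 0): 0.15, (1, 1): 0.05, (1, 2): 0.02,
         (2, 0): 0.05, (2, 1): 0.02, (2, 2): 0.01},
    H1: {(0, 0): 0.05, (0, 1): 0.05, (0, 2): 0.10,
         (1, 0): 0.05, (1, 1): 0.15, (1, 2): 0.15,
         (2, 0): 0.10, (2, 1): 0.15, (2, 2): 0.20},
}
OBS_PAIRS = list(product(ALPHABET, repeat=2))
MSG_PAIRS = list(product((0, 1), repeat=2))
# A quantizer is a tuple q with q[y] = bit sent for observation y (8 per sensor).
ALL_QUANTIZERS = list(product((0, 1), repeat=len(ALPHABET)))
# A fusion rule maps each message pair (u1, u2) to a decision (16 in total).
ALL_FUSION_RULES = [dict(zip(MSG_PAIRS, bits)) for bits in product((0, 1), repeat=4)]


def is_product_pmf(pmf, tol=1e-9):
    """True if P(y1, y2) factors as P(y1) P(y2), i.e. the sensors are independent."""
    m1 = {a: sum(pmf[(a, b)] for b in ALPHABET) for a in ALPHABET}
    m2 = {b: sum(pmf[(a, b)] for a in ALPHABET) for b in ALPHABET}
    return all(abs(pmf[(a, b)] - m1[a] * m2[b]) < tol for a, b in OBS_PAIRS)


def decision_region(q1, q2, fuse):
    """Set of raw observation pairs on which the decentralized rule declares H1."""
    return frozenset(y for y in OBS_PAIRS if fuse[(q1[y[0]], q2[y[1]])] == H1)


def bayes_risk(q1, q2, fuse):
    """Expected cost: prior- and cost-weighted false-alarm and miss probabilities."""
    region = decision_region(q1, q2, fuse)
    p_fa = sum(PMF[H0][y] for y in region)                          # P(say H1 | H0)
    p_miss = sum(PMF[H1][y] for y in OBS_PAIRS if y not in region)  # P(say H0 | H1)
    return PRIOR[H0] * COST_FA * p_fa + PRIOR[H1] * COST_MISS * p_miss


def joint_search():
    """Exhaustive joint search over (q1, q2, fuse): 8 * 8 * 16 = 1024 candidates."""
    best = None
    for q1, q2 in product(ALL_QUANTIZERS, repeat=2):
        for fuse in ALL_FUSION_RULES:
            r = bayes_risk(q1, q2, fuse)
            if best is None or r < best[0] - 1e-12:
                best = (r, q1, q2, fuse)
    return best


def map_fusion_rule(q1, q2):
    """For fixed quantizers the Bayes-optimal fusion rule is a cost-weighted MAP test
    on the message pair, so it need not be searched: per message pair, compare the
    cost of deciding H1 (false alarms) with the cost of deciding H0 (misses)."""
    cost_say_1 = {u: 0.0 for u in MSG_PAIRS}
    cost_say_0 = {u: 0.0 for u in MSG_PAIRS}
    for y in OBS_PAIRS:
        u = (q1[y[0]], q2[y[1]])
        cost_say_1[u] += PRIOR[H0] * COST_FA * PMF[H0][y]
        cost_say_0[u] += PRIOR[H1] * COST_MISS * PMF[H1][y]
    return {u: (H1 if cost_say_1[u] < cost_say_0[u] else H0) for u in MSG_PAIRS}


def reduced_search():
    """Search only the 64 quantizer pairs, deriving the optimal fusion rule for each."""
    best = None
    for q1, q2 in product(ALL_QUANTIZERS, repeat=2):
        fuse = map_fusion_rule(q1, q2)
        r = bayes_risk(q1, q2, fuse)
        if best is None or r < best[0] - 1e-12:
            best = (r, q1, q2, fuse)
    return best


def centralized_risk():
    """Lower bound: a fusion center that sees the raw pair (y1, y2) applies the MAP test."""
    return sum(min(PRIOR[H0] * COST_FA * PMF[H0][y], PRIOR[H1] * COST_MISS * PMF[H1][y])
               for y in OBS_PAIRS)


if __name__ == "__main__":
    r, q1, q2, fuse = joint_search()
    print("joint search   risk=%.3f q1=%s q2=%s region=%s"
          % (r, q1, q2, sorted(decision_region(q1, q2, fuse))))
    print("reduced search risk=%.3f" % reduced_search()[0])
    print("centralized    risk=%.3f" % centralized_risk())
```

For these constructed numbers the joint optimum has both sensors send 1 when their level is at least 1 and the fusion center AND the two bits, for a Bayes risk of 0.265, while the centralized detector reaches 0.255; the gap is the price of one-bit summaries. The reduced search finds the same optimum with 64 evaluations instead of 1024 because, once the quantizers are fixed, the optimal fusion rule is the MAP test on the messages; with many sensors and larger alphabets even the reduced enumeration explodes, which is why a dedicated search procedure is needed.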

Original language: English (US)
Title of host publication: Proceedings of the IFIP TC 11 23rd International Information Security Conference
Subtitle of host publication: IFIP 20th World Computer Congress, IFIP SEC'08
Publisher: Springer
Pages: 413-427
Number of pages: 15
ISBN (Print): 9780387096988
DOIs
State: Published - 2008

Publication series

Name: IFIP International Federation for Information Processing
Volume: 278
ISSN (Print): 1571-5736

ASJC Scopus subject areas

  • Information Systems and Management
