Pablo Garcia Bringas, Yoseba K. Penya, Stefano Paraboschi, Paolo Salvaneschi



Network Intrusion Detection Systems (NIDS) aim at preventing network attacks and unauthorised remote use of computers. More accurately, depending on the kind of attack it targets, an NIDS can be oriented to detect misuses (by defining all possible attacks) or anomalies (by modelling legitimate behaviour and detecting those that do not fit on that model). Still, since their problem knowledge is restricted to possible attacks, misuse detection fails to notice anomalies and vice versa. Against this, we present here ESIDE-Depian, the first unified misuse and anomaly prevention system based on Bayesian Networks to analyse completely network packets, and the strategy to create a consistent knowledge model that integrates misuse and anomaly-based knowledge. Finally, we evaluate ESIDE-Depian against well-known and new attacks showing how it outperforms a well-established industrial NIDS.


  1. Alipio, P., Carvalho, P., Neves, J., 2003. Using CLIPS to Detect Network Intrusion. Lecture Notes in Computer Science, volume 2902/2003, pages 341-354, ISBN 0302-9743, Springer-Verlag.
  2. Brugger, T., 2004. Data Mining Methods for Network Intrusion Detection. PhD thesis. University of California Davis.
  3. Castillo, E., Gutierrez, J.M., Hadi, A. S., 1997. Expert Systems and Probabilistic Network Models. ISBN: 0- 387-94858-9. Springer-Verlag.
  4. Chavan, S., Shah, K., Dave, N., Mukherjee, S., Abraham, A., Sanyal, S., 2004. Adaptative neuro-fuzzy intrusion detection systems. Proceedings of the 2004 International Conference on Information Technology: Coding and Computing, volume 1, pages 70-74.
  5. Crothers, T., 2002. Implementing Intrusion Detection Systems: A Hands-On Guide for Securing the Network. ISBN 0764549499, John Whiley & Sons Inc.
  6. Doyle, J., Kohane, I., Long, W., Shrobe, H., Szolovits, P., 2001. Event recognition beyond signature and anomaly. Proceedings of the 2001 IEEE Workshop on Information Assurance and Security, pages 170-174.
  7. Estevez-Tapiador, J., Garcia-Teodoro, P., Diaz-Verdejo, J., 2003. Stochastic protocol modelling for anomaly based network intrusion detection. Proceedings of the first IEEE International Workshop on Information Assurance, pages 3-12.
  8. Ghahramani, Z., 1998. Learning Dynamic Bayesian Networks. Lecture Notes in Computer Science, volume 1387, page 168. Springer-Verlag.
  9. Helmer, G., Wong, J., Honavar, V., Miller, L., Wang, Y., 2003. Lightweight agents for intrusion detection. Journal of Systems and Software, volume 67, pages 109-122.
  10. Internet System Consortium, 2007. Internet Domain Survey. July 2007. Available at
  11. Kabiri, P., Ghorbani, A. A., 2005. Research on intrusion detection and response: A survey. International Journal on Information Security, volume 1(2), pages 84-102.
  12. Kantzavelou, I., Katsikas, S., 1997. An attack detection system for secure computer systems outline of the solution. Proceedings of the IFIP TC11 13th International Conference on Information Security, pages 123-135.
  13. Kim, D., Nguyen, H., Park, J., 2005. Genetic algorithm to improve svm-based network intrusion detection system. Proceedings of the 19th International Conference on Advanced Information Networking and Applications (AINA), volume 2, pages 155-158.
  14. Kruegel, C., Vigna, G., 2003. Anomaly detection of webbased attacks. Proceedings of the 10th ACM Conference on Computer and Communications Security, pages 251-261.
  15. Lazarevic, A., Ertoz, L., Kumar, V., Ozgur, A., Srivastava, J., 2003. A comparative study of anomaly detection schemes in network intrusion detection. Proceedings of the SIAM International Conference on Data Mining.
  16. Lee, W., Stolfo, S., Chan, P., Eskin, E., Fan, W., Miller, M., Hershkop, S., Zhang., J., 2001. Real time data mining-based intrusion detection. Proceedings of the second DARPA Information Survivability Conference and Exposition, volume 1, pages 89-100.
  17. Metasploit, 2006. Exploit research. Available at
  18. Mukkamala, S., Sung, A., Abraham, A., 2005. Intrusion detection using an ensemble of intelligent paradigms. Journal of Network and Computer Applications, volume 28, pages 167-182.
  19. Murphy, K., 2001. An introduction to graphical models. Technical report. Intel Research, Intel Corporation.
  20. Roesch, M. (1999). SNORT: Lightweight intrusion detection for networks. Proceedings of LISA99: 13th Systems Administration Conference, pages 229-238.
  21. Singhal, A., Jajodia, S., 2006. Data warehousing and data mining techniques for intrusion detection systems. International Journal on Information Security, volume 1(2), pages 149-166.
  22. Snort, 2006. The facto standard for intrusion detection and prevention. Available at
  23. Spirtes, P., Glymour, C., Scheines, R., 2001. Causation, Prediction, and Search, Second Edition. Adaptive Computation and Machine Learning. The MIT Press.
  24. Valdes, A., Skinner, K., 2000. Adaptive, model-based monitoring for cyber attack detection. Proceedings of RAID 2000, pages 80-92.
  25. Vigna, G., Eckman, S., Kemmerer, R., 2000. The STAT tool suite. Proceedings of the DARPA Information Survivability Conference and Exposition 2000, volume 2, page 1046. IEEE Press.

Paper Citation

in Harvard Style

Garcia Bringas P., K. Penya Y., Paraboschi S. and Salvaneschi P. (2008). BAYESIAN-NETWORKS-BASED MISUSE AND ANOMALY PREVENTION SYSTEM . In Proceedings of the Tenth International Conference on Enterprise Information Systems - Volume 2: ICEIS, ISBN 978-989-8111-37-1, pages 62-69. DOI: 10.5220/0001702300620069

in Bibtex Style

author={Pablo Garcia Bringas and Yoseba K. Penya and Stefano Paraboschi and Paolo Salvaneschi},
booktitle={Proceedings of the Tenth International Conference on Enterprise Information Systems - Volume 2: ICEIS,},

in EndNote Style

JO - Proceedings of the Tenth International Conference on Enterprise Information Systems - Volume 2: ICEIS,
SN - 978-989-8111-37-1
AU - Garcia Bringas P.
AU - K. Penya Y.
AU - Paraboschi S.
AU - Salvaneschi P.
PY - 2008
SP - 62
EP - 69
DO - 10.5220/0001702300620069