Combining a Bayesian Classifier with Visualisation: Understanding the IDS
Conference contribution (made public, but not published by a publisher), 2004
Despite several years of intensive study, intrusion detection systems still suffer from two key deficiencies: low detection rates and a high rate of false alarms.
To counteract these drawbacks, an interactive detection system based on simple Bayesian statistics combined with a visualisation component is proposed, in the hope that this lets the operator better understand how exactly the intrusion detection system is operating. The resulting system is applied to the log of a web server.
The combination proved to be effective. The Bayesian classifier was reasonably effective in learning to differentiate between benign and malicious accesses, and the visualisation component enabled the operator to discern when the intrusion detection system was correct in its output and when it was not, and to take corrective action, re-training the system interactively, until the desired level of performance was
Naive Bayesian Classification
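The loop the abstract describes (classify an access, show the operator why, retrain on a false alarm) can be sketched as follows. This is an added example, not code from the paper: the tokenisation, the add-one smoothing, the class and function names and the sample request lines are all assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Constructed sample request lines (not taken from the paper's data set).
BENIGN = ["GET /index.html", "GET /images/logo.png", "GET /docs/manual.html"]
MALICIOUS = ["GET /cgi-bin/test.cgi?file=../../etc/passwd",
             "GET /cgi-bin/view.cgi?page=../../etc/shadow"]

class TokenBayes:
    """Naive Bayes over request-line tokens with add-one smoothing."""

    def __init__(self):
        self.counts = {"benign": Counter(), "malicious": Counter()}
        self.docs = Counter()

    @staticmethod
    def tokens(request):
        # Assumed feature extraction: lower-case, split on URL delimiters.
        return [t for t in re.split(r"[/?&=.\s]+", request.lower()) if t]

    def train(self, request, label):
        self.docs[label] += 1
        self.counts[label].update(self.tokens(request))

    def evidence(self, request):
        """(token, log-likelihood ratio) pairs; a positive ratio leans malicious."""
        vocab = len(set(self.counts["benign"]) | set(self.counts["malicious"])) + 1
        total = {c: sum(n.values()) + vocab for c, n in self.counts.items()}
        return [(t, math.log(((self.counts["malicious"][t] + 1) / total["malicious"])
                             / ((self.counts["benign"][t] + 1) / total["benign"])))
                for t in self.tokens(request)]

    def score(self, request):
        prior = math.log((self.docs["malicious"] + 1) / (self.docs["benign"] + 1))
        return prior + sum(w for _, w in self.evidence(request))

    def classify(self, request):
        return "malicious" if self.score(request) > 0 else "benign"

def trained():
    ids = TokenBayes()
    for r in BENIGN:
        ids.train(r, "benign")
    for r in MALICIOUS:
        ids.train(r, "malicious")
    return ids

if __name__ == "__main__":
    ids, req = trained(), "GET /cgi-bin/search.cgi?q=manual"
    print(ids.classify(req), sorted(ids.evidence(req), key=lambda e: -e[1])[:2])
    ids.train(req, "benign")  # operator marks the alarm as false and retrains
    print(ids.classify(req), ids.classify(MALICIOUS[0]))
```

The per-token ratios returned by `evidence` are the quantities a visualisation would render, so the operator can see that the false alarm on the search request is driven by the `cgi-bin` and `cgi` tokens before correcting it.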