Exploring Scalable Bayesian Networks For Identification of Zero-day Attack Paths

Published: 01 Jan 2024, Last Modified: 20 May 2025. Venue: SVCC 2024. License: CC BY-SA 4.0
Abstract: Detecting zero-day attacks remains a challenging problem in large enterprise networks. Prior work captures system-level activities and builds Bayesian networks on top of them, collecting intrusion alerts as evidence for zero-day attack path detection. However, because such Bayesian networks are built on the dependency graphs among system objects, scalability quickly becomes an issue given the overwhelming volume of system-level activity: as more system calls are collected over time, the Bayesian network grows drastically. We therefore propose an approach that addresses this scalability issue when a Bayesian network is used to identify zero-day attack paths. This paper focuses on three parts: dividing a single large Bayesian network, virtually connecting the resulting sub-Bayesian networks, and performing Bayesian inference across sub-Bayesian networks to recover complete zero-day attack paths. Dividing a large Bayesian network into smaller parts reduces the time needed to compute probabilities and update the networks, while the virtual connections let multiple sub-networks operate as a single network for attack path identification. Experimental results demonstrate the effectiveness of this scalable Bayesian network approach.
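The abstract does not spell out how the division or the virtual connection is realised, so the following is an added illustration of the general idea rather than the paper's own code: a small dependency-graph Bayesian network over system objects (compromised or clean) with intrusion alerts as evidence, split at one object into two sub-networks that exchange a forward belief and a backward likelihood through that boundary node (standard message passing across a separator, exact when the cut node d-separates the two halves). Every node name, CPT value and alert is constructed for the example, and the functions `partitioned_posterior` and `attack_path` are hypothetical helpers, not an API from the paper.

```python
"""Partitioned Bayesian inference over a system-object dependency chain.

Constructed illustration (not the paper's code).  Five system objects, each
compromised (1) or clean (0), form a dependency graph of the kind derived from
system calls; two intrusion-alert nodes hang off the objects as evidence.  We
compute P(compromised | alerts) exactly on the whole network, then split it at
the object `tmp_x` into two sub-networks joined by a virtual boundary node:
the cut node's belief is passed forward as a prior, and the likelihood of the
downstream alerts is passed back as a virtual evidence node.  Because the cut
node d-separates the halves, the sub-network answers equal the full network's.
All node names and probabilities are made up for the example.
"""
from itertools import product

# var -> (parents, {parent values: P(var = 1)}); hypothetical CPTs
FULL_NET = {
    "sshd":         ((),          {(): 0.05}),                 # entry process
    "tmp_x":        (("sshd",),   {(0,): 0.01, (1,): 0.90}),  # file sshd wrote
    "bash":         (("tmp_x",),  {(0,): 0.02, (1,): 0.80}),  # process reading it
    "passwd":       (("bash",),   {(0,): 0.01, (1,): 0.70}),  # /etc/passwd written by bash
    "syslog":       (("bash",),   {(0,): 0.01, (1,): 0.20}),  # benign-looking side effect
    "alert_tmp_x":  (("tmp_x",),  {(0,): 0.10, (1,): 0.85}),  # IDS alert on tmp_x
    "alert_passwd": (("passwd",), {(0,): 0.05, (1,): 0.90}),  # IDS alert on passwd
}
OBJECTS = ["sshd", "tmp_x", "bash", "passwd", "syslog"]
ALERTS = {"alert_tmp_x": 1, "alert_passwd": 1}     # constructed evidence
CUT = "tmp_x"                                        # where the network is split
UPSTREAM = {"sshd", "tmp_x", "alert_tmp_x"}          # sub-network A's nodes


def joint(net, a):
    """Probability of a complete assignment `a` under the network's CPTs."""
    p = 1.0
    for var, (parents, table) in net.items():
        p1 = table[tuple(a[q] for q in parents)]
        p *= p1 if a[var] == 1 else 1.0 - p1
    return p


def marginal(net, evidence):
    """P(evidence): sum the joint over every assignment of the hidden nodes."""
    hidden = [v for v in net if v not in evidence]
    total = 0.0
    for values in product((0, 1), repeat=len(hidden)):
        total += joint(net, {**evidence, **dict(zip(hidden, values))})
    return total


def posterior(net, query, evidence):
    """P(query = 1 | evidence) by exact enumeration (fine for toy networks)."""
    if query in evidence:
        return float(evidence[query])
    return marginal(net, {**evidence, query: 1}) / marginal(net, evidence)


def partition(net, upstream):
    """Split `net` into sub-network A (the `upstream` nodes) and B (the rest).
    `upstream` must contain the cut node and everything it separates from B."""
    sub_a = {v: cpt for v, cpt in net.items() if v in upstream}
    sub_b = {v: cpt for v, cpt in net.items() if v not in upstream}
    return sub_a, sub_b


def partitioned_posterior(net, cut, upstream, query, evidence):
    """P(query = 1 | evidence) computed only inside the sub-networks, with the
    two halves talking through `cut` instead of one big inference."""
    sub_a, sub_b = partition(net, upstream)
    ev_a = {k: v for k, v in evidence.items() if k in sub_a}
    ev_b = {k: v for k, v in evidence.items() if k in sub_b}

    # Forward message: belief in the cut node given only A's alerts.  The cut
    # node is then re-created in B as a root with that belief as its prior.
    belief = posterior(sub_a, cut, ev_a)
    if query in sub_b:
        return posterior({**sub_b, cut: ((), {(): belief})}, query, ev_b)

    # Backward message: P(B's alerts | cut state), computed inside B alone, then
    # attached to A as a virtual evidence child of the cut node.
    neutral = {**sub_b, cut: ((), {(): 0.5})}
    lik = {c: marginal(neutral, {**ev_b, cut: c}) / 0.5 for c in (0, 1)}
    sub_a_virtual = {**sub_a, "msg_from_b": ((cut,), {(0,): lik[0], (1,): lik[1]})}
    return posterior(sub_a_virtual, query, {**ev_a, "msg_from_b": 1})


def attack_path(objects, post, threshold=0.5):
    """Objects whose compromise posterior clears `threshold`, in dependency order."""
    return [v for v in objects if post(v) >= threshold]


def full_posteriors():
    return {v: posterior(FULL_NET, v, ALERTS) for v in OBJECTS}


def split_posteriors():
    return {v: partitioned_posterior(FULL_NET, CUT, UPSTREAM, v, ALERTS)
            for v in OBJECTS}


if __name__ == "__main__":
    full, split = full_posteriors(), split_posteriors()
    for v in OBJECTS:
        print(f"{v:13s} full={full[v]:.4f} split={split[v]:.4f}")
    print("zero-day attack path:", attack_path(OBJECTS, split.__getitem__))
```

Each sub-network is enumerated over only its own hidden nodes, which is where the time saving comes from as the dependency graph grows; the price is that a cut must sit on a node that separates the halves, otherwise the single-node message is an approximation rather than exact. The object `syslog` stays off the reported path even though it depends on `bash`, because no alert supports it and its conditional compromise probability is low.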