Wojciech Tylman

Anomaly-Based Intrusion Detection Using Bayesian Networks

This paper presents an application of Bayesian networks to the process of intrusion detection in computer networks. The presented system, called Basset (Bayesian system for intrusion detection) extends functionality of Snort, an open-source NIDS, by incorporating Bayesian networks as additional processing stages. The flexible nature of this solution allows it to be used both for misuse-based and anomaly-based detection process; this paper concentrates on the anomaly-based detection. The ultimate goal is to create a hybrid, misuse anomaly based solution that will allow interaction between these two techniques of intrusion detection. Ability to alter its behaviour based on historical data is also an important feature of the described system.

Misuse-Based Intrusion Detection Using Bayesian Networks

This paper presents an application of Bayesian networks to the process of intrusion detection in computer networks. The presented system, called Basset (Bayesian system for intrusion detection) extends functionality of Snort, an open-source NIDS, by incorporating Bayesian networks as additional processing stages. The flexible nature of this solution allows it to be used both for misuse-based and anomaly-based detection process; this paper concentrates on the misuse-based detection. The ultimate goal is to provide better detection capabilities and less chance of false alarms by creating a platform capable of evaluating Snort alerts in a broader context - other alerts and network traffic in general. An ability to include on-demand information from third party programs is also an important feature of the presented approach to intrusion detection.

Novel leak detection system for pipe type cable installations

This paper presents a new application of modern numerical algorithms, such as neural and probabilistic networks, for monitoring pressure system installations. Theoretical background as well as custom implementation of the algorithms is presented, and a complete system for monitoring high-pressure, fluid-filled (HPFF) cables is described.

Misuse-based intrusion detection using Bayesian networks

This paper presents an application of Bayesian networks to the process of intrusion detection in computer networks. The presented system, called Basset (Bayesian system for intrusion detection) extends functionality of Snort, an open-source NIDS, by incorporating Bayesian networks as additional processing stages. The flexible nature of this solution allows it to be used both for misuse-based and anomaly-based detection process; this paper concentrates on the misuse-based detection. The ultimate goal is to provide better detection capabilities and less chance of false alarms by creating a platform capable of evaluating Snort alerts in a broader context - other alerts and network traffic in general. An ability to include on-demand information from third party programs is also an important feature of the presented approach to intrusion detection.

Detecting computer intrusions with Bayesian networks

This paper presents an application of Bayesian networks for network intrusion detection. The described system, named Basset, utilises this technique to enhance the process of misuse-based detection implemented in Snort system. The paper presents the structure of the proposed solution, the role of the Bayesian networks in the detection process and the application of the system to the detection of a real-world attack -- an exploitation of a vulnerability in a web browser.

Implementation Of Bayesian Network In FPGA Circuit

The paper presents a novel approach to the implementation of Bayesian network - an implementation in an FPGA circuit. The opportunities and problems connected with the parallel-processing approach of the FPGA circuit are discussed. Modifications of the computation algorithm that are needed due to limited computational capabilities are described. Details of the construction of the main computational blocks are also depicted

Real-time prediction of acute cardiovascular events using hardware-implemented Bayesian networks

This paper presents a decision support system that aims to estimate a patient׳s general condition and detect situations which pose an immediate danger to the patient׳s health or life. The use of this system might be especially important in places such as accident and emergency departments or admission wards, where a small medical team has to take care of many patients in various general conditions. Particular stress is laid on cardiovascular and pulmonary conditions, including those leading to sudden cardiac arrest. The proposed system is a stand-alone microprocessor-based device that works in conjunction with a standard vital signs monitor, which provides input signals such as temperature, blood pressure, pulseoxymetry, ECG, and ICG. The signals are preprocessed and analysed by a set of artificial intelligence algorithms, the core of which is based on Bayesian networks. The paper focuses on the construction and evaluation of the Bayesian network, both its structure and numerical specification.

SCADA Intrusion Detection Based on Modelling of Allowed Communication Patterns

This work presents a network intrusion detection system (NIDS) for SCADA developed as an extension to Snort NIDS, a popular open-source solution targeted at intrusion detection in Internet. The concept of anomaly-based intrusion detection and its applicability in the specific situation of industrial network traffic is discussed. The idea of modelling allowed communication patterns for Modbus RTU protocol is explained and the system concept, utilising n-gram analysis of packet contents, statistical analysis of selected packet features and a Bayesian Network as data fusion component is presented. The implementation details are outlined, including the concept of building the system as a preprocessor for the Snort NIDS. The chapter is concluded by results of test conducted in simulated environment.

Native Support for Modbus RTU Protocol in Snort Intrusion Detection System

The paper addresses the problem of intrusion detection in industrial networks. A novel approach to processing non-IP protocols in Snort Intrusion Detection System is presented, based on Snort Data Acquisition Module (DAQ). An example implementation for industry-standard Modbus RTU protocol is presented, which allows Snort to natively process Modbus RTU frames, without need to use external programs or hardware and without modification of Snort code. The structure of implementation and frame processing path is outlined. The solution is compared against existing attempts to process Modbus family protocols in Snort IDS. Results of tests in an virtualised environment are given, together with indications of future work.

Detecting Small Fluid Leaks in Pipe-Type Cable Installations

Detection of fluid leaks in pipe-type cable installations is important for both environmental and operational reasons. A new application of modern numerical algorithms, such as neural and probabilistic networks, for monitoring pressure system installations has been recently presented by the authors. This approach led to the development of a complete system for monitoring high-pressure, fluid-filled cables. During the initial system implementation, a need arose for the detection of very small leaks. To meet this need, the detection algorithms were revised and new features were implemented. This paper describes the new algorithms and discusses their implementation.