To search, Click below search items.


All Published Papers Search Service


From Intrusion Alerts to Forensic Explanations: A Probabilistic Inference Approach


Bon K. Sy


Vol. 7  No. 9  pp. 7-18


The objective of this research is to show an analytical intrusion detection framework (AIDF) comprised of (i) a probability model discovery approach, and (ii) a probabilistic inference mechanism for generating the most probable forensic explanation based on not only just the observed intrusion detection alerts, but also the unreported signature rules that are revealed in the probability model. The significance of the proposed probabilistic inference is its ability to integrate alert information available from IDS sensors distributed across subnets. We choose the open source Snort to illustrate its feasibility, and demonstrate the inference process applied to the intrusion detection alerts produced by Snort.


Intrusion Alerts, Forensics, Probabilistic Inference, Model Discovery