
Application of Bayesian belief networks and fuzzy cognitive maps in intrusion analysis

Bibliographic Details
Published in: Journal of intelligent & fuzzy systems 2018-01, Vol.35 (1), p.111-122
Main Authors: Wee, Yit Yin; Cheah, Wooi Ping; Ooi, Shih Yin; Tan, Shing Chiang; Wee, Kuokkwee
Format: Article
Language: English
Description
Summary: Bayesian belief networks (BBN) and fuzzy cognitive maps (FCM) are two major causal knowledge frameworks that are frequently used in various domains for cause and effect analysis. However, most researchers use these as separate approaches to analyse the cause(s) and effect(s) of an event. In practice, both methods have their own strengths and weaknesses in both causal modelling and causal analysis. In this paper, a combination of BBN and FCM is used in order to model and analyse network intrusions. First, the BBN is learnt from network intrusion data; following this, an FCM is generated from the BBN, using a migration method. A data-mining approach is suitable for use in the construction of a BBN for network intrusion since this is a data-rich domain, while an FCM is appropriate for the intuitive representation of complex domains. The proposed method of network intrusion analysis using both BBN and FCM consists of several stages, in order to leverage the capabilities of each approach in building the causal model and performing causal analysis. Both the intuitive representation of the causal model in FCM and the wide variety of reasoning methods supported by BBN are exploited in this research to facilitate network intrusion analysis.
ISSN: 1064-1246, 1875-8967
DOI: 10.3233/JIFS-169572