Application of Bayesian belief networks and fuzzy cognitive maps in intrusion analysis

Yit Yin Wee, Wooi Ping Cheah, Shih Yin Ooi, Shing Chiang Tan, Kuokkwee Wee

Research output: Journal Publication / Article / peer-review

2 Citations (Scopus)

Abstract

Bayesian belief networks (BBN) and fuzzy cognitive maps (FCM) are two major causal knowledge frameworks that are frequently used in various domains for cause and effect analysis. However, most researchers use these as separate approaches to analyse the cause(s) and effect(s) of an event. In practice, both methods have their own strengths and weaknesses in both causal modelling and causal analysis. In this paper, a combination of BBN and FCM is used in order to model and analyse network intrusions. First, the BBN is learnt from network intrusion data; following this, an FCM is generated from the BBN, using a migration method. A data-mining approach is suitable for use in the construction of a BBN for network intrusion since this is a data-rich domain, while an FCM is appropriate for the intuitive representation of complex domains. The proposed method of network intrusion analysis using both BBN and FCM consists of several stages, in order to leverage the capabilities of each approach in building the causal model and performing causal analysis. Both the intuitive representation of the causal model in FCM and the wide variety of reasoning methods supported by BBN are exploited in this research to facilitate network intrusion analysis.

Original language: English
Pages (from-to): 111-122
Number of pages: 12
Journal: Journal of Intelligent and Fuzzy Systems
Volume: 35
Issue number: 1
Publication status: Published - 2018
Externally published: Yes

Keywords

  • Bayesian belief network
  • causal reasoning
  • fuzzy cognitive map
  • intrusion analysis
  • Root cause analysis

ASJC Scopus subject areas

  • Statistics and Probability
  • Engineering (all)
  • Artificial Intelligence
