Probabilistic Analysis of Random Check Intrusion Detection System

Abstract

The ubiquitous adoption of network-based technologies has left organizations vulnerable to malicious attacks. It has become vital to have effective intrusion detection systems (IDS) that protect the network from attacks. In this paper, we study the intrusion detection problem through the lens of probability theory. We consider a situation where a network receives random malicious signals at discrete time instances, and an IDS attempts to capture these signals via a random check process. We aim to develop a probabilistic framework for intrusion detection under the given scenario. Concretely, we calculate the detection rate of a network attack by an IDS and determine the expected number of detections. We perform extensive theoretical and experimental analyses of the problem. The results presented in this paper would be helpful tools for designing and analyzing intrusion detection systems. We propose a probabilistic framework that could be useful for IDS experts; for a network-based IDS that monitors in real-time, analyzing the entire traffic flow can be computationally expensive. By probabilistically sampling only a fraction of the network traffic, the IDS can still perform its task effectively while reducing the computational cost. However, checking only a fraction of the traffic increases the possibility of missing an attack. This research can help IDS designers achieve appropriate detection rates while maintaining a low false alarm rate. The groundwork laid out in this paper could be used for future research on understanding the probabilities related to intrusion detection.