Application of Bayesian belief networks and fuzzy cognitive maps in intrusion analysis

Bayesian belief networks (BBN) and fuzzy cognitive maps (FCM) are two major causal knowledge frameworks that are frequently used in various domains for cause and effect analysis. However, most researchers use these as separate approaches to analyse the cause(s) and effect(s) of an event. In practice, both methods have their own strengths and weaknesses in both causal modelling and causal analysis. In this paper, a combination of BBN and FCM is used in order to model and analyse network intrusions. First, the BBN is learnt from network intrusion data; following this, an FCM is generated from the BBN, using a migration method. A data-mining approach is suitable for use in the construction of a BBN for network intrusion since this is a data-rich domain, while an FCM is appropriate for the intuitive representation of complex domains. The proposed method of network intrusion analysis using both BBN and FCM consists of several stages, in order to leverage the capabilities of each approach in building the causal model and performing causal analysis. Both the intuitive representation of the causal model in FCM and the wide variety of reasoning methods supported by BBN are exploited in this research to facilitate network intrusion analysis.