Abstract
Modern enterprise networks are protected by a wide range of security tools and technologies that raise alerts for intrusion detection, yet detecting zero-day attacks remains very challenging. Prior work identifies zero-day attack paths with a Bayesian network built on top of the system object dependency graph. Scalability becomes a problem as the Bayesian network grows, and because the graph is built from collected system calls, the network keeps growing as more system calls are recorded over time, which makes the problem worse. We therefore propose an approach that addresses the scalability of the Bayesian network when it is used to identify zero-day attack paths. The approach has three parts: dividing a single large Bayesian network into sub-networks, virtually connecting the sub-networks, and performing Bayesian inference across the sub-networks to recover the complete zero-day attack paths. Dividing the network into smaller parts reduces the time needed to compute probabilities and to update the network, while the virtual connections let the sub-networks operate as one network and find the complete zero-day attack path. Experimental results demonstrate the effectiveness of this scalable Bayesian network approach.
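As an added illustration (constructed here, not code from the paper), the following Python models the three parts on a toy system object dependency graph: the graph is cut into two sub-networks, the infection posteriors of boundary nodes are exported from one sub-network to the next as the "virtual connection", and the edges believed infected are stitched back into one attack path across the cut. The graph, its edge weights, the partition, the leak probability and the alert are all constructed; forward noisy-OR propagation stands in for the paper's Bayesian inference and is a deliberate simplification, since it ignores evidence observed at descendants.

```python
from collections import defaultdict

# Constructed SODG: edge u -> v means a recorded system call made object v
# depend on object u (e.g. process u wrote file v); the weight is the assumed
# probability that infection propagates along the edge. Names and weights are
# invented for this example.
EDGES = {
    ("sshd", "bash"): 0.9,
    ("bash", "/tmp/x.sh"): 0.9,
    ("/tmp/x.sh", "sh"): 0.9,
    ("sh", "socket:10.0.0.5:443"): 0.9,
    ("socket:10.0.0.5:443", "httpd"): 0.9,
    ("httpd", "/var/www/shell.php"): 0.9,
    ("cron", "/var/www/shell.php"): 0.1,  # benign alternative parent
}
# Assumed division into two sub-networks (e.g. two hosts or two time windows).
# The edge socket -> httpd crosses the cut, so "socket" is a boundary node of B.
PARTITION = {"sshd": "A", "bash": "A", "/tmp/x.sh": "A", "sh": "A",
             "socket:10.0.0.5:443": "A",
             "httpd": "B", "/var/www/shell.php": "B", "cron": "B"}
LEAK = 0.01  # assumed probability that an object is infected on its own


def topo_order(edges):
    """Deterministic topological order of a DAG's nodes (Kahn's algorithm)."""
    nodes = {n for e in edges for n in e}
    indeg, succ = {n: 0 for n in nodes}, defaultdict(list)
    for u, v in edges:
        indeg[v] += 1
        succ[u].append(v)
    ready, order = sorted(n for n in nodes if indeg[n] == 0), []
    while ready:
        n = ready.pop(0)
        order.append(n)
        for v in sorted(succ[n]):
            indeg[v] -= 1
            if indeg[v] == 0:
                ready.append(v)
    if len(order) != len(nodes):
        raise ValueError("dependency graph contains a cycle")
    return order


def infer(edges, evidence, boundary=None, leak=LEAK):
    """P(infected) per node by forward noisy-OR propagation.
    evidence: nodes an alert confirmed infected (clamped to 1.0).
    boundary: {node: p} imported from an already processed sub-network; these
    keep the imported value (the virtual connection). Forward propagation is a
    simplification of full Bayesian inference: evidence at a descendant does
    not raise belief in an ancestor."""
    boundary = boundary or {}
    parents = defaultdict(dict)
    for (u, v), p in edges.items():
        parents[v][u] = p
    post = {}
    for n in topo_order(edges):
        if n in evidence:
            post[n] = 1.0
        elif n in boundary:
            post[n] = boundary[n]
        else:
            not_infected = 1.0 - leak
            for u, p in parents[n].items():
                not_infected *= 1.0 - p * post[u]
            post[n] = 1.0 - not_infected
    return post


def partitioned_infer(edges, partition, order, evidence, leak=LEAK):
    """Run infer() per sub-network, exporting boundary posteriors to later
    sub-networks. order must put the source side of every cross-cut edge
    before its target side."""
    posterior = {}
    for name in order:
        # an edge belongs to the sub-network of its child node
        sub = {e: p for e, p in edges.items() if partition[e[1]] == name}
        boundary = {}
        for u, _ in sub:
            if partition[u] != name:
                if u not in posterior:
                    raise ValueError(f"run sub-network {partition[u]} before {name}")
                boundary[u] = posterior[u]
        post = infer(sub, {n for n in evidence if partition[n] == name}, boundary, leak)
        posterior.update({n: p for n, p in post.items() if partition[n] == name})
    return posterior


def attack_path(edges, posterior, threshold=0.5):
    """Edges with both endpoints believed infected: the candidate attack path
    stitched across the sub-networks."""
    return sorted(e for e in edges
                  if posterior[e[0]] >= threshold and posterior[e[1]] >= threshold)


if __name__ == "__main__":
    alerts = {"sshd"}  # constructed alert: sshd is known to be compromised
    whole = infer(EDGES, alerts)
    split = partitioned_infer(EDGES, PARTITION, ["A", "B"], alerts)
    for node in topo_order(EDGES):
        print(f"{node:24s} whole={whole[node]:.4f} split={split[node]:.4f}")
    print("attack path:", attack_path(EDGES, split))
```

In this forward-only model the partitioned result is identical to running the whole graph, because a sub-network only needs the posteriors of its boundary parents, and an update touches only the sub-network it lands in. With full Bayesian inference, where evidence also flows from descendants back to ancestors, a one-way export across the cut is no longer exact and the virtual connection has to carry information in both directions; that is the part of the problem this toy does not show.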