An intrusion detection system (IDS) is a security layer that detects ongoing intrusive activities in computer systems and networks. Current IDSs have two main problems. The first is that they typically generate so many alarms, many of them false, that the system operator is overwhelmed. The second is that the intrusion detection model requires continuous tuning to maintain sufficient performance, because the monitored system changes dynamically. This manual tuning process relies on the system operators to work out the updated tuning solution and to integrate it into the detection model. In this article, we present an automatically tuning intrusion detection system, which controls the number of alarms output to the system operator and tunes the detection model on the fly according to feedback provided by the system operator when false predictions are identified. This system adapts its behavior (i) by throttling the volume of alarms output to the operator in response to the ability of the operator to respond to these alarms, and (ii) by deciding how aggressively the detection model should be tuned based on the accuracy of earlier predictions. We evaluated our system using the KDDCup'99 intrusion detection dataset. Our results show that an adaptive, automatically tuning intrusion detection system will be both practical and efficient.