Intrusion detection systems and multisensor data fusion
Communications of the ACM
Performance analysis of the CONFIDANT protocol
Proceedings of the 3rd ACM international symposium on Mobile ad hoc networking & computing
Using Dempster-Shafer's Theory of Evidence to Combine Aspects of Information Use
Journal of Intelligent Information Systems
The Vision of Autonomic Computing
Computer
Core: a collaborative reputation mechanism to enforce node cooperation in mobile ad hoc networks
Proceedings of the IFIP TC6/TC11 Sixth Joint Working Conference on Communications and Multimedia Security: Advanced Communications and Multimedia Security
Alert Correlation in a Cooperative Intrusion Detection Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
A Comprehensive Approach to Intrusion Detection Alert Correlation
IEEE Transactions on Dependable and Secure Computing
Alert confidence fusion in intrusion detection systems with extended Dempster-Shafer theory
Proceedings of the 43rd annual Southeast regional conference - Volume 2
Analysis of distributed intrusion detection systems using Bayesian methods
PCC '02 Proceedings of the Performance, Computing, and Communications Conference, 2002. on 21st IEEE International
Ensemble methods for noise elimination in classification problems
MCS'03 Proceedings of the 4th international conference on Multiple classifier systems
Information fusion for computer security: State of the art and open issues
Information Fusion
Adversarial attacks against intrusion detection systems: Taxonomy, solutions and open issues
Information Sciences: an International Journal
| Hi-index | 0.00 |
Several research efforts have recently focused on achieving distributed anomaly detection in an effective way. As a result, new information fusion algorithms and models have been defined and applied in order to correlate information from multiple intrusion detection sensors distributed inside the network. In this field, an approach which is gaining momentum in the international research community relies on the exploitation of the Dempster-Shafer (D-S) theory. Dempster and Shafer have conceived a mathematical theory of evidence based on belief functions and plausible reasoning, which is used to combine separate pieces of information (evidence) to compute the probability of an event. However, the adoption of the D-S theory to improve distributed anomaly detection efficiency generally involves facing some important issues. The most important challenge definitely consists in sorting the uncertainties in the problem into a priori independent items of evidence. We believe that this can be effectively carried out by looking at some of the principles of autonomic computing in a self-adaptive fashion, i.e. by introducing support for self-management, self-configuration and self-optimization functionality. In this paper, we intend to tackle some of the above mentioned issues by proposing the application of the D-S theory to network information fusion. This will be done by proposing a model for a self-management supervising layer exploiting the innovative concept of multidimensional reputation, which we have called REFACING (RElationship-FAmiliarity-Confidence-INteGrity).