Improving Anomaly Detection Error Rate by Collective Trust Modeling

  • Authors:
  • Martin Rehák; Michal Pěchouček; Karel Bartoš; Martin Grill; Pavel Čeleda; Vojtěch Krmíček

  • Affiliations:
  • Department of Cybernetics, Czech Technical University in Prague; Department of Cybernetics, Czech Technical University in Prague; CESNET, z. s. p. o., and Department of Cybernetics, Czech Technical University in Prague; CESNET, z. s. p. o., and Department of Cybernetics, Czech Technical University in Prague; Institute of Computer Science, Masaryk University; Institute of Computer Science, Masaryk University

  • Venue:
  • RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
  • Year:
  • 2008

Abstract

Current Network Behavior Analysis (NBA) techniques are based on anomaly detection principles and are therefore subject to high error rates. We propose a mechanism that deploys trust modeling, a technique for cooperator modeling from multi-agent research, to improve the quality of NBA results. Our system is designed as a set of agents, each of them based on an existing anomaly detection algorithm coupled with a trust model based on the same traffic representation. These agents minimize the error rate by unsupervised, multi-layer integration of traffic classification. The system has been evaluated on real traffic in Czech academic networks.