Various intrusion detection systems (IDSs) reported in the literature have shown distinct preferences for detecting a certain class of attack with improved accuracy, while performing moderately on the other classes. In view of the enormous computing power available in present-day processors, deploying multiple IDSs in the same network to obtain best-of-breed solutions has been attempted earlier. This paper addresses the problem of optimizing the performance of IDSs using sensor fusion with multiple sensors. The trade-off between the detection rate and false alarms with multiple sensors is highlighted. It is illustrated that the performance of the detector is better when the fusion threshold is determined according to the Chebyshev inequality. In the proposed data-dependent decision (DD) fusion method, the performance optimization of individual IDSs is addressed first. A neural network supervised learner has been designed to determine the weights of individual IDSs depending on their reliability in detecting a certain attack. The final stage of this DD fusion architecture is a sensor fusion unit that performs the weighted aggregation in order to make an appropriate decision. The paper theoretically models the fusion of IDSs to demonstrate the improvement in performance, and supplements the model with an empirical evaluation.