Our work proposes a generic architecture for runtime monitoring and optimization of an IDS based on challenge insertion. Challenges, known instances of malicious or legitimate behavior, are inserted into the network traffic, represented by NetFlow records, and processed together with the live traffic; the system's response to the challenges is used to measure its effectiveness and to fine-tune its parameters. Which challenges are inserted is determined by threat models expressed as attack trees with attached risk/loss values. The threat model lets the system estimate the expected undetected loss and improve its performance with respect to the relevant threats, as we have verified in experiments on live network traffic.