Fusing information from diverse detectors remains a challenge in the field of intrusion detection. We apply data fusion techniques to fuse alerts generated by different detectors that signal the potential presence of an intrusion. Data fusion has been shown to result in a decrease in false positives while achieving an improved level of detection. By combining detections from fusers on distributed hosts, a system can also detect and track the spread of an intrusion. We proceed to analyze the response time requirements of such a distributed containment system by including an explicit containment parameter in the spreading formulation.