Dynamic combination of multiple host-based anomaly detectors with broader detection coverage and fewer false alerts

Authors:
Zonghua Zhang;Hong Shen
Affiliations:
School of Information Science, Japan Advanced Institute of Science and Technology, Ishikwa, Japan;School of Information Science, Japan Advanced Institute of Science and Technology, Ishikwa, Japan
Venue:
ICN'05 Proceedings of the 4th international conference on Networking - Volume Part II
Year:
2005

Citing 3
Cited 0

A Multi-Agent Policy-Gradient Approach to Network Routing

ICML '01 Proceedings of the Eighteenth International Conference on Machine Learning
A sense of self for Unix processes

SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
Probabilistic techniques for intrusion detection based on computer audit data

IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans

Quantified Score

Hi-index	0.00

Visualization

Abstract

To achieve broader detection coverage with fewer false alarms, a POMDP-based anomaly detection model combining several sate-of-the-art host-based anomaly detectors is proposed in this paper. An optimal combinatorial manner is expected to be discovered through a policy-gradient reinforcement learning algorithm, based on the independent actions of those detectors, and the behavior of the proposed model can be adjusted through a global reward signal to adapt to various system situations. A primarily experiment with some comparative studies are carried out to validate its performance.