Bayesian networks are important knowledge representation tools for handling uncertain pieces of information. The success of these models is strongly related to their capacity to represent and handle dependence relations. Some forms of Bayesian networks have been successfully applied in many classification tasks. In particular, naive Bayes classifiers have been used for intrusion detection and alert correlation. This paper analyses the advantage of adding expert knowledge to probabilistic classifiers in the context of intrusion detection and alert correlation. As examples of probabilistic classifiers, we consider the well-known Naive Bayes, Tree Augmented Naive Bayes (TAN), Hidden Naive Bayes (HNB) and decision tree classifiers. Our approach can be applied to any classifier whose outcome is a probability distribution over a set of classes (or decisions). In particular, we study how additional expert knowledge such as "it is expected that 80% of traffic will be normal" can be integrated into classification tasks. Our aim is to revise probabilistic classifiers' outputs so that they fit expert knowledge. Experimental results show that our approach improves existing results on different benchmarks from the intrusion detection and alert correlation areas.