Can user models be learned at all? Inherent problems in machine learning for user modelling
The Knowledge Engineering Review
A multi-model approach to the detection of web-based attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Privacy intrusion detection using dynamic Bayesian networks
ICEC '06 Proceedings of the 8th international conference on Electronic commerce: The new e-commerce: innovations for conquering current barriers, obstacles and limitations to conducting successful business on the internet
An overview of anomaly detection techniques: Existing solutions and latest technological trends
Computer Networks: The International Journal of Computer and Telecommunications Networking
Principled reasoning and practical applications of alert fusion in intrusion detection systems
Proceedings of the 2008 ACM symposium on Information, computer and communications security
Specific attack adjusted Bayesian network for intrusion detection system
MCBC'08 Proceedings of the 9th WSEAS International Conference on Mathematics & Computers In Biology & Chemistry
Continuous Time Bayesian Networks for Host Level Network Intrusion Detection
ECML PKDD '08 Proceedings of the European conference on Machine Learning and Knowledge Discovery in Databases - Part II
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
A Multi-Sensor Model to Improve Automated Attack Detection
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Filtering False Positives Based on Server-Side Behaviors
IEICE - Transactions on Information and Systems
ACM Computing Surveys (CSUR)
Design of an intrusion detection system based on Bayesian networks
WSEAS Transactions on Computers
Proceedings of the 2009 International Conference on Wireless Communications and Mobile Computing: Connecting the World Wirelessly
Tuning complex event processing rules using the prediction-correction paradigm
Proceedings of the Third ACM International Conference on Distributed Event-Based Systems
A multi-model approach to the detection of web-based attacks
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Protecting a Moving Target: Addressing Web Application Concept Drift
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Exploiting execution context for the detection of anomalous system calls
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Swaddler: an approach for the anomaly-based detection of state violations in web applications
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Securing computerised models and data against integrity attacks
International Journal of Electronic Finance
The use of artificial intelligence based techniques for intrusion detection: a review
Artificial Intelligence Review
Intrusion detection using continuous time Bayesian networks
Journal of Artificial Intelligence Research
Motif-based attack detection in network communication graphs
CMS'11 Proceedings of the 12th IFIP TC 6/TC 11 international conference on Communications and multimedia security
On random-inspection-based intrusion detection
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Auditing and inference control for privacy preservation in uncertain environments
EuroSSC'06 Proceedings of the First European conference on Smart Sensing and Context
Cooperative intrusion detection for web applications
CANS'06 Proceedings of the 5th international conference on Cryptology and Network Security
Traffic pattern analysis for distributed anomaly detection
PPAM'11 Proceedings of the 9th international conference on Parallel Processing and Applied Mathematics - Volume Part II
Review: A review of novelty detection
Signal Processing
| Hi-index | 0.00 |
Intrusion detection systems (IDSs) attempt to identify attacksby comparing collected data to predefined signaturesknown to be malicious (misuse-based IDSs) or to a modelof legal behavior (anomaly-based IDSs). Anomaly-basedapproaches have the advantage of being able to detect previouslyunknown attacks, but they suffer from the difficultyof building robust models of acceptable behavior which mayresult in a large number of false alarms. Almost all currentanomaly-based intrusion detection systems classify an inputevent as normal or anomalous by analyzing its features,utilizing a number of different models. A decision for an inputevent is made by aggregating the results of all employedmodels.We have identified two reasons for the large number offalse alarms, caused by incorrect classification of events incurrent systems. One is the simplistic aggregation of modeloutputs in the decision phase. Often, only the sum of themodel results is calculated and compared to a threshold.The other reason is the lack of integration of additionalinformation into the decision process. This additional informationcan be related to the models, such as the confidencein a model's output, or can be extracted from externalsources. To mitigate these shortcomings, we proposean event classification scheme that is based on Bayesiannetworks. Bayesian networks improve the aggregation ofdifferent model outputs and allow one to seamlessly incorporateadditional information. Experimental results showthat the accuracy of the event classification process is significantlyimproved using our proposed approach.