Accurate identification of misuse is a key factor in determining appropriate ways to protect systems. Modern intrusion detection systems often use alerts from different sources such as hosts and sub-networks to determine whether and how to respond to an attack. However, alerts from different locations should not be treated equally. We propose improving and assessing alert accuracy by incorporating an algorithm based on the exponentially weighted Dempster-Shafer (D-S) Theory of Evidence. Our approach uses D-S theory to combine beliefs in certain hypotheses under conditions of uncertainty and ignorance, and allows quantitative measurement of the belief and plausibility in our detection results. Our initial evaluations on the DARPA IDS evaluation data set show that our alert fusion algorithm can improve alert quality over the alerts produced by Hidden Colored Petri-Net (HCPN) based alert correlation components installed at the demilitarized zone (DMZ) and inside network sites. Due to alert confidence fusion in our example, the detection rate rises from 75% to 93.8%, without adversely affecting the false positive rate.
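The following is an added example, not code from the paper, showing the mechanics the abstract refers to: two alert sources (a DMZ component and an inside-network component) each assign mass to the hypotheses "attack", "benign" and the whole frame (ignorance), the masses are fused with Dempster's rule of combination, and belief and plausibility of "attack" are read off the result. The paper's exponentially weighted variant is not reproduced; source weighting is modelled here with standard Shafer discounting, which is an assumption of this example. The sample mass values are constructed and are not DARPA results.

```python
"""Dempster-Shafer fusion of IDS alert confidence (added example, not the paper's code)."""
from itertools import product

# Frame of discernment: an alert is ultimately either a real attack or benign.
ATTACK = frozenset({"attack"})
BENIGN = frozenset({"benign"})
THETA = ATTACK | BENIGN  # mass on THETA expresses ignorance, not support for either side


def discount(mass, reliability):
    """Shafer discounting: scale every focal element by the source's reliability
    and move the withdrawn mass to THETA.  This is the assumed stand-in for the
    paper's exponential weighting; it is not the paper's scheme."""
    out = {s: reliability * m for s, m in mass.items() if s != THETA}
    out[THETA] = 1.0 - sum(out.values())
    return out


def combine(m1, m2):
    """Dempster's rule of combination for two mass functions over the same frame."""
    fused = {}
    conflict = 0.0
    for (a, ma), (b, mb) in product(m1.items(), m2.items()):
        joint = a & b
        if joint:
            fused[joint] = fused.get(joint, 0.0) + ma * mb
        else:
            conflict += ma * mb  # the two sources back disjoint hypotheses
    if conflict >= 1.0:
        raise ValueError("sources are in total conflict; Dempster's rule is undefined")
    # Renormalise so the surviving masses sum to 1.
    return {s: m / (1.0 - conflict) for s, m in fused.items()}


def belief(mass, hypothesis):
    """Bel(H): total mass committed to H or to a subset of H."""
    return sum(m for s, m in mass.items() if s <= hypothesis)


def plausibility(mass, hypothesis):
    """Pl(H): mass not committed against H, i.e. on every set that intersects H."""
    return sum(m for s, m in mass.items() if s & hypothesis)


def fuse_alerts(sources):
    """Discount each (mass, reliability) pair by its reliability, then fold all of them together."""
    discounted = [discount(m, r) for m, r in sources]
    fused = discounted[0]
    for m in discounted[1:]:
        fused = combine(fused, m)
    return fused


# Constructed sample evidence: two correlation components report on the same
# suspected attack.  Each leaves some mass on THETA to express its own uncertainty.
DMZ_ALERT = {ATTACK: 0.6, BENIGN: 0.1, THETA: 0.3}
INSIDE_ALERT = {ATTACK: 0.5, BENIGN: 0.2, THETA: 0.3}


def demo(threshold=0.7):
    """Fuse the two constructed alerts and decide whether the fused belief clears the threshold.
    Returns (Bel(attack), Pl(attack), confirmed)."""
    fused = combine(DMZ_ALERT, INSIDE_ALERT)
    bel, pl = belief(fused, ATTACK), plausibility(fused, ATTACK)
    return bel, pl, bel >= threshold


if __name__ == "__main__":
    bel, pl, confirmed = demo()
    print(f"Bel(attack)={bel:.3f}  Pl(attack)={pl:.3f}  confirmed={confirmed}")
```

Neither source on its own commits more than 0.6 to "attack", but because both lean the same way the fused belief rises (to about 0.76 on these constructed values) while the interval between belief and plausibility narrows, which is the quantitative confidence the abstract describes. The `conflict` term is worth watching in practice: a large value means the sensors disagree and renormalisation is hiding that disagreement, which is a signal to inspect the sources rather than trust the fused number.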