Principled reasoning and practical applications of alert fusion in intrusion detection systems

Guofei Gu, Alvaro A. Cárdenas, Wenke Lee
2008 Proceedings of the 2008 ACM symposium on Information, computer and communications security - ASIACCS '08  
In this paper, we study the following problem: how to make a good fusion decision on the alerts from multiple detectors in order to improve the final performance.  ...  Through theoretical reasoning and experiments using multiple IDSs on several data sets, we show that our technique is more flexible and also outperforms other existing fusion techniques such as AND, OR  ...  In [6] , Bass pointed out that the art and science of (multisensor) data fusion is applicable to intrusion detection, and discussed several challenges in IDS fusion.  ... 
doi:10.1145/1368310.1368332 dblp:conf/ccs/GuCL08 fatcat:rscr3ijpyzh2xja63osxj7tqri

Multisensor Agent Based Intrusion Detection

Richard A. Wasniowski
2007 Zenodo  
In this paper we propose a framework for multisensor intrusion detection called Fuzzy Agent-Based Intrusion Detection System.  ...  Use of this feature reduces the overhead in a distributed intrusion detection system. We have developed an agent communication architecture that provides a prototype implementation.  ...  One promising approach to addressing the intrusion problems is through the use of distributed network intrusion detection systems and information fusion.  ... 
doi:10.5281/zenodo.1058091 fatcat:2aels2aesff4dikbryyseuehni

Sensor Fusion for Enhancement in Intrusion Detection [chapter]

Ciza Thomas, Balakrishnan Narayanaswamy
2011 Sensor Fusion - Foundation and Applications  
(15) , the correlation of Intrusion Symptoms with an application of chronicles by Morin et al. (16) , and aggregation and correlation of intrusion-detection alerts by Debar et al. (17) .  ...  Section 4 includes the modeling of the fusion of Intrusion Detection Systems.  ... 
doi:10.5772/21550 fatcat:jbas5rcedzgeznnxyv4byqubfm

Combining ensemble methods and social network metrics for improving accuracy of OCSVM on intrusion detection in SCADA systems

Leandros A. Maglaras, Jianmin Jiang, Tiago J. Cruz
2016 Journal of Information Security and Applications  
For this reason, an aggregation mechanism that groups initial alerts and sends a limited number of messages reporting the fault/intrusion accurately and on time is needed.  ...  Ensemble systems of classifiers are widely used for intrusion detection in networks [5, 21] .  ...  For this reason we implement a fusion procedure which groups alerts per source node and gives final scores to aggregated alerts based on the initial values and the number of similar initial alerts.  ... 
doi:10.1016/j.jisa.2016.04.002 fatcat:drvycqpujbhk7cul4x2rud7pxe

Prioritizing intrusion analysis using Dempster-Shafer theory

Loai Zomlot, Sathya Chandran Sundaramurthy, Kui Luo, Xinming Ou, S. Raj Rajagopalan
2011 Proceedings of the 4th ACM workshop on Security and artificial intelligence - AISec '11  
The root cause of this problem is the large rate of false positives in the sensors used by Intrusion Detection System (IDS) systems, reducing the value of the alerts to an administrator.  ...  Intrusion analysis and incident management remains a difficult problem in practical network security defense.  ...  ACKNOWLEDGMENTS We would like to thank the anonymous reviewers for their valuable feedback and Alvaro Cardenas, the shepherd of our paper, in preparing for the final version. This material is  ... 
doi:10.1145/2046684.2046694 dblp:conf/ccs/ZomlotSLOR11 fatcat:q4uvxuaipjefnkissewal6jnd4

The cybercrime process: an overview of scientific challenges and methods

Patrick Lallement
2013 International Journal of Advanced Computer Science and Applications  
The aim of this article is to describe the cybercrime process and to identify all issues that appear at the different steps, between the detection of incident to the final report that must be exploitable  ...  It is to identify at all steps, issues and methods to address them.  ...  Intrusion detection It is made with Intrusion Detection Systems (IDS) [4] .  ... 
doi:10.14569/ijacsa.2013.041211 fatcat:dbyy6kbp4zeqtnuytz5mdl7d7y

Combining ensemble methods and social network metrics for improving accuracy of OCSVM on intrusion detection in SCADA systems [article]

Leandros A. Maglaras, Jianmin Jiang, Tiago J. Cruz
2015 arXiv   pre-print
The presence of a real-time intrusion detection mechanism, which can cope with different types of attacks, is of great importance in order to defend a system against cyber attacks. This defense mechanism  ...  Recently an integrated detection mechanism, namely IT-OCSVM, was proposed, which is distributed in a SCADA network as a part of a distributed intrusion detection system (IDS), providing accurate data about  ...  For this reason we implement a fusion procedure which groups alerts per source node and gives final scores to aggregated alerts based on the initial values and the number of similar initial alerts.  ... 
arXiv:1507.02825v2 fatcat:los2xqsmrzdijkg5xrfkxbwfxm

Intrusion detection and virology: an analysis of differences, similarities and complementariness

Benjamin Morin, Ludovic Mé
2007 Journal in Computer Virology  
In this paper, we analyze the differences, similarities and complementariness which exist between two major domains of nowadays information security: intrusion detection on one hand, virology and antiviruses  ...  In the conclusion, we summarize our analysis and suggest that alert correlation is one way to make the two fields cooperate.  ...  The principles of knowledge-based intrusion detection are the same as classical anti-virus systems.  ... 
doi:10.1007/s11416-007-0036-2 fatcat:4brnvijahzco3jodouedfidy6a

Data Fusion for Network Intrusion Detection: A Review

Guoquan Li, Zheng Yan, Yulong Fu, Hanlu Chen
2018 Security and Communication Networks  
As a component of defense-in-depth, Network Intrusion Detection System (NIDS) has been expected to detect malicious behaviors.  ...  However, the literature still lacks thorough analysis and evaluation on data fusion techniques in the field of intrusion detection.  ...  In [1] , Tian et al. fused the alerts through Snort to test the performance of their proposed detection fusion system.  ... 
doi:10.1155/2018/8210614 fatcat:v3s5acnt65gevp34k5hj4at2ra

Alert Correlation for Cyber-Manufacturing Intrusion Detection

Mingtao Wu, Young Moon
2019 Procedia Manufacturing  
The study of capacity optimization and costing models is an important research topic that deserves contributions from both the practical and theoretical perspectives.  ...  In this context, capacity optimization goes beyond the traditional aim of capacity maximization, contributing also for organization's profitability and value.  ...  The source of the alerts can be one or multiple host-based intrusion detection systems (HIDS) and network-based intrusion detection systems (NIDS).  ... 
doi:10.1016/j.promfg.2019.06.197 fatcat:uprffw3rbfe35ljhtkipuuseze

Intrusion detection: a brief history and overview

R.A. Kemmerer, G. Vigna
2002 Computer  
Intrusion Detection: A Brief History and Overview. Suppose a strange man is standing in front of your house.  ...  This question is often asked of intrusion detection advocates. Why bother detecting intrusions if you've installed firewalls, patched operating systems, and checked passwords for soundness?  ...  This alert correlation or fusion, identifying intrusion patterns based on different sensor alerts, is one of the most challenging problems in intrusion detection today.  ... 
doi:10.1109/mc.2002.1012428 fatcat:ps3jytuperagbh724ezplhzb6q

Towards scalable and robust distributed intrusion alert fusion with good load balancing

Zhichun Li, Yan Chen, Aaron Beach
2006 Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense - LSAD '06  
Most existing distributed intrusion detection systems (DIDS) rely on centralized fusion, or distributed fusion with unscalable communication mechanisms.  ...  Traffic anomalies and distributed attacks are commonplace in today's networks. Single point detection is often insufficient to determine the causes, patterns and prevalence of such events.  ...  The current state of the art in intrusion detection research is to use a combination of network-based intrusion detection systems (NIDS) and host-based intrusion detection systems (HIDS) to protect computer  ... 
doi:10.1145/1162666.1162669 fatcat:evs2xsmtejew7cx7osyobp2jaa

Cyber SA: Situational Awareness for Cyber Defense [chapter]

Paul Barford, Marc Dacier, Thomas G. Dietterich, Matt Fredrikson, Jon Giffin, Sushil Jajodia, Somesh Jha, Jason Li, Peng Liu, Peng Ning, Xinming Ou, Dawn Song (+5 others)
2009 Advances in Information Security  
Acknowledgements We would like to thank the Army Research Office for sponsoring the workshop on Cyber Situation Awareness held at George Mason University in March 3-4, 2009.  ...  Many internet protocols are insecure, software applications are often buggy, and security measures such as firewalls and intrusion detection systems are complex and error prone.  ...  Situation perception is beyond intrusion detection. Intrusion detection is a very primitive element of this aspect.  ... 
doi:10.1007/978-1-4419-0140-8_1 fatcat:d7dusfqxizeplmnxts636huu4i

Correlation Analysis Between Honeypot Data and IDS Alerts Using One-class SVM [chapter]

Jungsuk Song, Hiroki Takakura, Yasuo Okabe, Yongjin Kwo
2011 Intrusion Detection Systems  
Yu, et al. proposed a framework for alert correlation and understanding in intrusion detection system.  ...  Bass firstly introduced data fusion techniques in military applications for improving performance of next-generation IDS (Bass, 2000) .  ... 
doi:10.5772/13951 fatcat:mgukgwojijc5dksg2xvzj72egi

A Study on Various protocols Developed under Intrusion Detection System in Adhoc Networks

Jatinder Singh
2012 IOSR Journal of Computer Engineering  
This paper presents some of the best well known Intrusion detection techniques and appropriate protocols which were proposed for intrusion detection and anomaly detection in the recent years under various  ...  There are massive attacks and efficient viruses travel across the network which incapacitates computer system and default configuration of the operating system.  ...  Intrusion Detection System (IDS) is normally practiced for identifying malicious activities and their resources.  ... 
doi:10.9790/0661-0744045 fatcat:nxhwallagfehnfx64tmsekkadq