Title
Trust-Based Classifier Combination for Network Anomaly Detection
Abstract
We present a method that improves the results of network intrusion detection by integrating several anomaly detection algorithms through trust and reputation models. Our algorithm is based on existing network behavior analysis approaches that are embodied into several detection agents. We divide the processing into three distinct phases: anomaly detection, trust model update and collective trusting decision. Each of these phases contributes to the reduction of classification error rate, by the aggregation of anomaly values provided by individual algorithms, individual update of each agent's trust model based on distinct traffic representation features (derived from its anomaly detection model), and re-aggregation of the trustfulness data provided by individual agents. The result is a trustfulness score for each network flow, which can be used to guide the manual inspection, thus significantly reducing the amount of traffic to analyze. To evaluate the effectiveness of the method, we present a set of experiments performed on real network data.
Year
2008
DOI
10.1007/978-3-540-85834-8_11
Venue
CIA
Keywords
anomaly value,anomaly detection,detection agent,network flow,trust-based classifier combination,network intrusion detection,real network data,network behavior analysis approach,network anomaly detection,anomaly detection algorithm,individual agent,anomaly detection model,error rate,behavior analysis
Field
Flow network,Anomaly detection,Data mining,Feature vector,Computer science,Word error rate,Artificial intelligence,Classifier (linguistics),Fuzzy number,Intrusion detection system,Machine learning,Reputation
DocType
Conference
Volume
5180
ISSN
0302-9743
Citations
10
PageRank
0.89
References
24
Authors
4
Name
Order
Citations
PageRank
Martin Rehak125128.57
Michal Pěchouček21134133.88
Martin Grill310110.79
Karel Bartos411012.60