Sciweavers

ACSAC
2003
IEEE

Bayesian Event Classification for Intrusion Detection

Intrusion detection systems (IDSs) attempt to identify attacks by comparing collected data to predefined signatures known to be malicious (misuse-based IDSs) or to a model of legal behavior (anomaly-based IDSs). Anomaly-based approaches have the advantage of being able to detect previously unknown attacks, but they suffer from the difficulty of building robust models of acceptable behavior, which may result in a large number of false alarms. Almost all current anomaly-based intrusion detection systems classify an input event as normal or anomalous by analyzing its features, utilizing a number of different models. A decision for an input event is made by aggregating the results of all employed models. We have identified two reasons for the large number of false alarms caused by incorrect classification of events in current systems. One is the simplistic aggregation of model outputs in the decision phase. Often, only the sum of the model results is calculated and compared to a threshold...
Added 23 Aug 2010
Updated 23 Aug 2010
Type Conference
Year 2003
Where ACSAC
Authors Christopher Krügel, Darren Mutz, William K. Robertson, Fredrik Valeur