Sciweavers

ACSAC
2003
IEEE

Bayesian Event Classification for Intrusion Detection

14 years 3 months ago
Bayesian Event Classification for Intrusion Detection
Intrusion detection systems (IDSs) attempt to identify attacks by comparing collected data to predefined signatures known to be malicious (misuse-based IDSs) or to a model of legal behavior (anomaly-based IDSs). Anomaly-based approaches have the advantage of being able to detect previously unknown attacks, but they suffer from the difficulty of building robust models of acceptable behavior which may result in a large number of false alarms. Almost all current anomaly-based intrusion detection systems classify an input event as normal or anomalous by analyzing its features, utilizing a number of different models. A decision for an input event is made by aggregating the results of all employed models. We have identified two reasons for the large number of false alarms, caused by incorrect classification of events in current systems. One is the simplistic aggregation of model outputs in the decision phase. Often, only the sum of the model results is calculated and compared to a threshold...
Christopher Krügel, Darren Mutz, William K. R
Added 23 Aug 2010
Updated 23 Aug 2010
Type Conference
Year 2003
Where ACSAC
Authors Christopher Krügel, Darren Mutz, William K. Robertson, Fredrik Valeur
Comments (0)