Sciweavers

GAMESEC
2010

Effective Multimodel Anomaly Detection Using Cooperative Negotiation

Abstract. Many computer protection tools incorporate learning techniques that build mathematical models to capture the characteristics of a system's activity and then check whether the live system's activity fits the learned models. This approach, referred to as anomaly detection, has enjoyed immense popularity because of its effectiveness at recognizing unknown attacks (under the assumption that attacks cause glitches in the protected system). Typically, instead of building a single complex model, smaller, partial models are constructed, each capturing different features of the monitored activity. Such a multimodel paradigm raises the non-trivial issue of combining each partial model to decide whether or not the activity contains signs of attacks. Various mechanisms can be chosen, ranging from a simple weighted average to Bayesian networks, or more sophisticated strategies. In this paper we show how different aggregation functions can influence the detection accuracy. To mitigate th...
Alberto Volpatto, Federico Maggi, Stefano Zanero
Added 11 Feb 2011
Updated 11 Feb 2011
Type Journal
Year 2010
Where GAMESEC
Authors Alberto Volpatto, Federico Maggi, Stefano Zanero