Kombinovani metod detekce anomalii pomoci modelovani duveryhodnosti

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F08%3A03152821" target="_blank" >RIV/68407700:21230/08:03152821 - isvavai.cz</a>

Výsledek na webu

—

DOI - Digital Object Identifier

—

Jazyk výsledku

angličtina

Název v původním jazyce

Trust Based Classifier Combination for Network Anomaly Detection

Popis výsledku v původním jazyce

We present a method that improves the results of network intrusion detection by integrating several anomaly detection algorithms through trust and reputation models. Our algorithm is based on existing network behavior analysis approaches that are embodied into several detection agents. We divide the processing into three distinct phases: anomaly detection, trust model update and collective trusting decision. Each of these phases contributes to the reduction of classification error rate, by the aggregation of anomaly values provided by individual algorithms, individual update of each agent's trust model based on distinct traffic representation features (derived from its anomaly detection model), and re-aggregation of the trustfulness data provided by individual agents. The result is a trustfulness score for each network flow, which can be used to guide the manual inspection, thus significantly reducing the amount of traffic to analyze.

Název v anglickém jazyce

Trust Based Classifier Combination for Network Anomaly Detection

Popis výsledku anglicky

We present a method that improves the results of network intrusion detection by integrating several anomaly detection algorithms through trust and reputation models. Our algorithm is based on existing network behavior analysis approaches that are embodied into several detection agents. We divide the processing into three distinct phases: anomaly detection, trust model update and collective trusting decision. Each of these phases contributes to the reduction of classification error rate, by the aggregation of anomaly values provided by individual algorithms, individual update of each agent's trust model based on distinct traffic representation features (derived from its anomaly detection model), and re-aggregation of the trustfulness data provided by individual agents. The result is a trustfulness score for each network flow, which can be used to guide the manual inspection, thus significantly reducing the amount of traffic to analyze.

Druh

D - Stať ve sborníku

CEP obor

JC - Počítačový hardware a software

OECD FORD obor

—

Projekt

—

Návaznosti

Z - Vyzkumny zamer (s odkazem do CEZ)

Rok uplatnění

2008

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Cooperative Information Agents XII

ISBN

978-3-540-85833-1

ISSN

0302-9743

e-ISSN

—

Počet stran výsledku

15

Strana od-do

—

Název nakladatele

Springer

Místo vydání

Heidelberg

Místo konání akce

Prague

Datum konání akce

10. 9. 2008

Typ akce podle státní příslušnosti

EUR - Evropská akce

Kód UT WoS článku

000259441000011