Combining Multiple Host-Based Detectors Using Decision Tree

Han, Sang Jun; Cho, Sung Bae

doi:10.1007/978-3-540-24581-0_18

Cited by 11 publications

(6 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The challenges and future directions of intrusion detection technology are evaluated. The techniques discussed in [4], [9] & [14] are sufficient for IDPS to detect and respond to anomalies in real time.…”

Section: Literature Surveymentioning

confidence: 99%

Architecture for Real Time Monitoring and Modeling of Network Behavior for Enhanced Security

Ambika¹,

Nataraj²

2013

IJCA

View full text Add to dashboard Cite

Network security is a rapidly growing and is the major area of concern for every network. Firewalls are used as a security check point in network environment even then different types of security issues keep on emerging. In order to protect the network from illegal access, the concept of Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) is been developed. An IDS is a system where the events occurring in a network is monitored and analyzed for identifying the sign of possible incidents. These incidents may either be violations or the threats that are about to happen violating the computer security policies or standard security policies. Java programming language is made use for developing the Intrusion Detection System. JPCap package is used along with winpcap for developing the traffic monitoring system. The network packets are captured online i.e., as they come across the interface of the network. The IDS is aimed to provide the preliminary level of detection techniques so as to secure the systems present in the networks.

show abstract

Section: Literature Surveymentioning

confidence: 99%

Architecture for Real Time Monitoring and Modeling of Network Behavior for Enhanced Security

Ambika¹,

Nataraj²

2013

IJCA

View full text Add to dashboard Cite

show abstract

“…A well trained staff and analyst are required to continuously monitoring the system. Still a huge effort is required to construct new security strategies which are discussed in [6], [7], [8].…”

Section: Literature Reviewmentioning

confidence: 99%

“…This paper [8] proposed intrusion detection techniques by combining multiple hosts in order to detect multiple intrusions and to reduce false-positive rate. Hidden Markov Model (HMM) is a speech recognition technique that is used for modeling the system call events.…”

Section: Literature Reviewmentioning

confidence: 99%

See 1 more Smart Citation

A Study of the Novel Approaches Used in Intrusion Detection and Prevention Systems

Sandhu¹,

Haider²,

Naseer³

et al. 2011

IJIET

View full text Add to dashboard Cite

Abstract-Security is an important and serious issue for every type of network. Many network environments specially those where computers are used as nodes are prone to an increasing number of security threats in the form of Trojan worm attacks and viruses that can damage the computer systems, servers and communication channels. Though Firewalls are used as a necessary security measure in a network environment but still different types of security issues keep on arising. In order to further strengthen the network from intruders, the concept of intrusion detection system (IDS) and intrusion prevention system (IPS) is gaining popularity. IDS is a process of monitoring the events occurring in a computer system or network and analyzing them for sign of possible incident which are violations or imminent threats of violations of computer security policies or standard security policies. intrusion prevention system (IPS) is a process of performing intrusion detection and attempting to stop detected possible incidents. This study aims to identify different types of Intrusion Detection and Prevention techniques discussed in the literature.

show abstract

“…Han et al [9] combined multiple host-based detection models using a decision tree to lower false alert rate with good performance on the detection accuracy. However, their detection models were established on the same layer (i.e., audit events and some related parameters and attributes), although the utilized information was different.…”

Section: Related Workmentioning

confidence: 99%

Constructing Multi-Layered Boundary to Defend Against Intrusive Anomalies: An Autonomic Detection Coordinator

Zhang

Shen

2005 International Conference on Dependable Systems and Networks (DSN'05)

View full text Add to dashboard Cite

An autonomic detection coordinator is developed in this paper, which constructs a multi-layered boundary to defend against host-based intrusive anomalies by correlating several observation-specific anomaly detectors. Two key observations facilitate the model formulation: First, different anomaly detectors have different detection coverage and blind spots; Second, diverse operating environments provide different kinds of information to reveal anomalies. After formulating the cooperation between basic detectors as a partially observable Markov decision process, a policygradient reinforcement learning algorithm is applied to search in an optimal cooperation manner, with the objective to achieve broader detection coverage and fewer false alerts. Furthermore, the coordinator's behavior can be adjusted easily by setting a reward signal to meet the diverse demands of changing system situations. A preliminary experiment is implemented, together with some comparative studies, to demonstrate the coordinator's performance in terms of admitted criteria.

show abstract

Combining Multiple Host-Based Detectors Using Decision Tree

Cited by 11 publications

References 12 publications

Architecture for Real Time Monitoring and Modeling of Network Behavior for Enhanced Security

Architecture for Real Time Monitoring and Modeling of Network Behavior for Enhanced Security

A Study of the Novel Approaches Used in Intrusion Detection and Prevention Systems

Constructing Multi-Layered Boundary to Defend Against Intrusive Anomalies: An Autonomic Detection Coordinator

Contact Info

Product

Resources

About