TY - GEN
T1 - Bayesian decision aggregation in collaborative intrusion detection networks
AU - Fung, Carol J.
AU - Zhu, Quanyan
AU - Boutaba, Raouf
AU - Başar, Tamer
N1 - Copyright:
Copyright 2018 Elsevier B.V., All rights reserved.
PY - 2010
Y1 - 2010
N2 - Cooperation between intrusion detection systems (IDSs) allows collective information and experience from a network of IDSs to be shared for improving the accuracy of detection. A critical component of a collaborative network is the mechanism of feedback aggregation in which each IDS makes an overall security evaluation based on peer opinions and assessments. In this paper, we propose a collaboration framework for intrusion detection networks (CIDNs) and use a Bayesian approach for feedback aggregation by minimizing the combined costs of missed detection and false alarm. The proposed model is highly scalable, robust, and cost-effective. Experimental results demonstrate an improvement in the true positive detection rate and a reduction in the average cost of our mechanism compared to existing models.
AB - Cooperation between intrusion detection systems (IDSs) allows collective information and experience from a network of IDSs to be shared for improving the accuracy of detection. A critical component of a collaborative network is the mechanism of feedback aggregation in which each IDS makes an overall security evaluation based on peer opinions and assessments. In this paper, we propose a collaboration framework for intrusion detection networks (CIDNs) and use a Bayesian approach for feedback aggregation by minimizing the combined costs of missed detection and false alarm. The proposed model is highly scalable, robust, and cost-effective. Experimental results demonstrate an improvement in the true positive detection rate and a reduction in the average cost of our mechanism compared to existing models.
UR - http://www.scopus.com/inward/record.url?scp=77957786523&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77957786523&partnerID=8YFLogxK
U2 - 10.1109/NOMS.2010.5488489
DO - 10.1109/NOMS.2010.5488489
M3 - Conference contribution
AN - SCOPUS:77957786523
SN - 9781424453672
T3 - Proceedings of the 2010 IEEE/IFIP Network Operations and Management Symposium, NOMS 2010
SP - 349
EP - 356
BT - Proceedings of the 2010 IEEE/IFIP Network Operations and Management Symposium, NOMS 2010
PB - IEEE Computer Society
T2 - 12th IEEE/IFIP Network Operations and Management Symposium, NOMS 2010
Y2 - 19 April 2010 through 23 April 2010
ER -