Abstract
Current Network Behavior Analysis (NBA) techniques are based on anomaly detection principles and therefore subject to high error rates. We propose a mechanism that deploys trust modeling, a technique for cooperator modeling from the multi-agent research, to improve the quality of NBA results. Our system is designed as a set of agents, each of them based on an existing anomaly detection algorithm coupled with a trust model based on the same traffic representation. These agents minimize the error rate by unsupervised, multi-layer integration of traffic classification. The system has been evaluated on real traffic in Czech academic networks.
Similar content being viewed by others
References
Rehak, M., Pechoucek, M.: Trust modeling with context representation and generalized identities. In: Klusch, M., Hindriks, K.V., Papazoglou, M.P., Sterling, L. (eds.) CIA 2007. LNCS (LNAI), vol. 4676, pp. 298–312. Springer, Heidelberg (2007)
Valeur, F., Vigna, G., Kruegel, C., Kemmerer, R.A.: A comprehensive approach to intrusion detection alert correlation. IEEE Transactions on Dependable and Secure Computing 01, 146–169 (2004)
Giacinto, G., Perdisci, R., Rio, M.D., Roli, F.: Intrusion detection in computer networks by a modular ensemble of one-class classifiers. Information Fusion 9, 69–82 (2008)
Rehak, M., Pechoucek, M., Grill, M., Bartos, K.: Trust-based classifier combination for network anomaly detection. In: Cooperative Information Agents XII. LNCS(LNAI), Springer, Heidelberg (to appear, 2008)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Rehák, M., Pěchouček, M., Bartoš, K., Grill, M., Čeleda, P., Krmíček, V. (2008). Improving Anomaly Detection Error Rate by Collective Trust Modeling. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds) Recent Advances in Intrusion Detection. RAID 2008. Lecture Notes in Computer Science, vol 5230. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-87403-4_25
Download citation
DOI: https://doi.org/10.1007/978-3-540-87403-4_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-87402-7
Online ISBN: 978-3-540-87403-4
eBook Packages: Computer ScienceComputer Science (R0)