Publication details

Improving Anomaly Detection Error Rate by Collective Trust Modeling

Authors

REHÁK Martin, PĚCHOUČEK Michal, BARTOŠ Karel, GRILL Martin, ČELEDA Pavel, KRMÍČEK Vojtěch

Year of publication 2008
Type Article in Proceedings
Conference Recent Advances in Intrusion Detection
MU Faculty or unit

Faculty of Informatics

Field Informatics
Keywords network behavior analysis; trust modeling
Description Current Network Behavior Analysis (NBA) techniques are based on anomaly detection principles and are therefore subject to high error rates. We propose a mechanism that deploys trust modeling, a technique for cooperator modeling from multi-agent research, to improve the quality of NBA results. Our system is designed as a set of agents, each of them based on an existing anomaly detection algorithm coupled with a trust model based on the same traffic representation. These agents minimize the error rate by unsupervised, multi-layer integration of traffic classification. The system has been evaluated on real traffic in Czech academic networks.