Improving Anomaly Detection Error Rate by Collective Trust Modeling

Rehák, Martin; Pěchouček, Michal; Bartoš, Karel; Grill, Martin; Čeleda,  Pavel; Krmíček,  Vojtěch

Improving Anomaly Detection Error Rate by Collective Trust Modeling

Warning

This publication doesn't include Institute of Computer Science. It includes Faculty of Informatics. Official publication website can be found on muni.cz.

Authors	REHÁK Martin PĚCHOUČEK Michal BARTOŠ Karel GRILL Martin ČELEDA Pavel KRMÍČEK Vojtěch
Year of publication	2008
Type	Article in Proceedings
Conference	Recent Advances in Intrusion Detection
MU Faculty or unit	Faculty of Informatics
Citation
Field	Informatics
Keywords	network behavior analysis; trust modeling
Description	Current Network Behavior Analysis (NBA) techniques are based on anomaly detection principles and therefore subject to high error rates. We propose a mechanism that deploys trust modeling, a technique for cooperator modeling from the multi-agent research, to improve the quality of NBA results. Our system is designed as a set of agents, each of them based on an existing anomaly detection algorithm coupled with a trust model based on the same traffic representation. These agents minimize the error rate by unsupervised, multi-layer integration of traffic classification. The system has been evaluated on real traffic in Czech academic networks.
Related projects:	Reflective-Cognitive Adaptation for Network Intrusion Detection Systems