loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Paper Unlock

Authors: Salem Benferhat and Karim Tabia

Affiliation: CRIL - CNRS UMR8188, Universite´ d’Artois, France

Keyword(s): Anomaly intrusion detection, anomaly scoring and aggregating, thresholding, Bayesian networks.

Related Ontology Subjects/Areas/Topics: Enterprise Information Systems ; Formal Methods ; Information and Systems Security ; Information Systems Analysis and Specification ; Intrusion Detection & Prevention ; Methodologies and Technologies ; Operational Research ; Security ; Security in Information Systems ; Security Metrics and Measurement ; Simulation and Modeling

Abstract: Anomaly-based approaches often require multiple profiles and models in order to characterize different aspects of normal behaviors. In particular, anomaly scores of audit events are obtained by aggregating several local anomaly scores. Remarkably, most works focus on profile/model definition while critical issues of anomaly measuring, aggregating and thresholding are dealt with ”simplistically”. This paper addresses the issue of anomaly scoring and aggregating which is a recurring problem in anomaly-based approaches. We propose a Bayesian-based scheme for aggregating anomaly scores in a multi-model approach and propose a two-stage thresholding scheme in order to meet real-time detection requirements. The basic idea of our scheme is the fact that anomalous behaviors induce either intra-model anomalies or inter-model anomalies. Our experimental studies, carried out on recent and real htt p traffic, show for instance that most attacks induce only intra-model anomalies and can be effect ively detected in real-time. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 18.119.122.140

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Benferhat, S. and Tabia, K. (2008). NEW SCHEMES FOR ANOMALY SCORE AGGREGATION AND THRESHOLDING. In Proceedings of the International Conference on Security and Cryptography (ICETE 2008) - SECRYPT; ISBN 978-989-8111-59-3; ISSN 2184-3236, SciTePress, pages 21-28. DOI: 10.5220/0001927900210028

@conference{secrypt08,
author={Salem Benferhat. and Karim Tabia.},
title={NEW SCHEMES FOR ANOMALY SCORE AGGREGATION AND THRESHOLDING},
booktitle={Proceedings of the International Conference on Security and Cryptography (ICETE 2008) - SECRYPT},
year={2008},
pages={21-28},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001927900210028},
isbn={978-989-8111-59-3},
issn={2184-3236},
}

TY - CONF

JO - Proceedings of the International Conference on Security and Cryptography (ICETE 2008) - SECRYPT
TI - NEW SCHEMES FOR ANOMALY SCORE AGGREGATION AND THRESHOLDING
SN - 978-989-8111-59-3
IS - 2184-3236
AU - Benferhat, S.
AU - Tabia, K.
PY - 2008
SP - 21
EP - 28
DO - 10.5220/0001927900210028
PB - SciTePress

- Science and Technology Publications, Lda.
RESOURCES

Proceedings

Papers

Authors

Ontology

CONTACTS

Science and Technology Publications, Lda
Avenida de S. Francisco Xavier, Lote 7 Cv. C,
2900-616 Setúbal, Portugal.

Phone: +351 265 520 185 (National fixed network call)
Fax: +351 265 520 186
Email: info@scitepress.org

EXTERNAL LINKS

PRIMORIS

INSTICC

SCITEVENTS

CROSSREF

PROCEEDINGS SUBMITTED FOR INDEXATION BY:

dblp

Ei Compendex

SCOPUS

Semantic Scholar

Google Scholar

Microsoft Academic