• DocumentCode
    3035902
  • Title

    Correlation and Collaboration in Anomaly Detection

  • Author

    Cullingford, Richard E.

  • Author_Institution
    Trusted Comput. Solutions, Herndon, VA
  • fYear
    2009
  • fDate
    3-4 March 2009
  • Firstpage
    251
  • Lastpage
    254
  • Abstract
    This abstract describes research into improving the capabilities of intrusion detection systems (IDSs) based on probabilistic anomaly detection (AD). One technique involves correlating evidence obtained from two or more detection engines to generate well-founded alarms. A second technique combines evidence from engines running on different sensors to achieve the same goal. In both cases, the aim is to reduce the false-positive (FP) problem that is characteristic of detection schemes that use AD. We illustrate use of the techniques to augment the capabilities of an existing AD IDS (CounterStorm-1) to allow it to create high-quality alarms in the presence of attempted malicious data exfiltration.
  • Keywords
    probability; security of data; anomaly detection; false-positive problem; intrusion detection systems; malicious data exfiltration; probabilistic anomaly detection; Collaboration; Contracts; Detectors; Engines; Intrusion detection; Payloads; Sensor phenomena and characterization; Telecommunication traffic; Terrorism; Traffic control; Anomaly Detection; Cross-Domain Attack Correlation Technologies;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Conference For Homeland Security, 2009. CATCH '09. Cybersecurity Applications & Technology
  • Conference_Location
    Washington, DC
  • Print_ISBN
    978-0-7695-3568-5
  • Type

    conf

  • DOI
    10.1109/CATCH.2009.34
  • Filename
    4804452
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3035902