CPL - Chalmers Publication Library

Combining a Bayesian Classifier with Visualisation: Understanding the IDS

Stefan Axelsson (Department of Computer Science, ProSec)
Proceedings of the ACM CCS Workshop on Visualization and Data Mining for Computer Security (2004)
[Conference contribution, other]

Despite several years of intensive study, intrusion detection systems still suffer from two key deficiencies: low detection rates and a high rate of false alarms. To counteract these drawbacks, an interactive detection system based on simple Bayesian statistics combined with a visualisation component is proposed, in the hope that this lets the operator better understand how exactly the intrusion detection system is operating. The resulting system is applied to the log of a web server. The combination proved to be effective. The Bayesian classifier was reasonably effective in learning to differentiate between benign and malicious accesses, and the visualisation component enabled the operator to discern when the intrusion detection system was correct in its output and when it was not, and to take corrective action, re-training the system interactively, until the desired level of performance was reached.

Keywords: Intrusion detection, Naive Bayesian Classification

This record was created 2006-09-28. Last modified 2013-08-12.
CPL Pubid: 2262


Departments (Chalmers)

Department of Computer Science, ProSec (2002-2004)


Information Technology

Chalmers infrastructure