Effective Acquaintance Management for Collaborative Intrusion Detection Networks

An effective Collaborative Intrusion Detection Network (CIDN) allows distributed Intrusion Detection Systems (IDSes) to collaborate and share their knowledge and opinions about intrusions, to enhance the overall accuracy of intrusion assessment as well as the ability of detecting new classes of intrusions. Towards this goal, the authors propose a distributed Host-based IDS (HIDS) collaboration system, particularly focusing on acquaintance management where each HIDS selects and maintains a list of collaborators from which they can consult about intrusions. More specifically, each HIDS evaluates both the False Positive (FP) rate and False Negative (FN) rate of its neighboring HIDSes' opinions about intrusions using Bayesian learning, and aggregates their opinions about intrusions using a Bayesian decision model.

Provided by: University of Waterloo Topic: Security Date Added: Sep 2010 Format: PDF

Find By Topic