Publication Details
AFRICAN RESEARCH NEXUS
SHINING A SPOTLIGHT ON AFRICAN RESEARCH
computer science
An intrusion detection and alert correlation approach based on revising probabilistic classifiers using expert knowledge
Applied Intelligence, Volume 38, No. 4, Year 2013
Description
Bayesian networks are important knowledge representation tools for handling uncertain pieces of information. The success of these models is strongly related to their capacity to represent and handle dependence relations. Some forms of Bayesian networks have been successfully applied in many classification tasks. In particular, naive Bayes classifiers have been used for intrusion detection and alerts correlation. This paper analyses the advantage of adding expert knowledge to probabilistic classifiers in the context of intrusion detection and alerts correlation. As examples of probabilistic classifiers, we will consider the well-known Naive Bayes, Tree Augmented Naïve Bayes (TAN), Hidden Naive Bayes (HNB) and decision tree classifiers. Our approach can be applied for any classifier where the outcome is a probability distribution over a set of classes (or decisions). In particular, we study how additional expert knowledge such as "it is expected that 80 % of traffic will be normal" can be integrated in classification tasks. Our aim is to revise probabilistic classifiers' outputs in order to fit expert knowledge. Experimental results show that our approach improves existing results on different benchmarks from intrusion detection and alert correlation areas. © 2012 Springer Science+Business Media, LLC.
Authors & Co-Authors
Benferhat, Salem
France, Lille
Université de Lille
France, Lens
Centre de Recherche en Informatique de Lens
Boudjelida, Abdelhamid
France, Lille
Université de Lille
France, Lens
Centre de Recherche en Informatique de Lens
Tabia, Karim
France, Lille
Université de Lille
France, Lens
Centre de Recherche en Informatique de Lens
Drias, Habiba
Algeria, Algiers
Université Des Sciences et de la Technologie Houari Boumediene
Statistics
Citations: 46
Authors: 4
Affiliations: 3
Identifiers
DOI: 10.1007/s10489-012-0383-7
ISSN: 0924669X