Title :
Correlation and Collaboration in Anomaly Detection
Author :
Cullingford, Richard E.
Author_Institution :
Trusted Comput. Solutions, Herndon, VA
Abstract :
This abstract describes research into improving the capabilities of intrusion detection systems (IDSs) based on probabilistic anomaly detection (AD). One technique involves correlating evidence obtained from two or more detection engines to generate well-founded alarms. A second technique combines evidence from engines running on different sensors to achieve the same goal. In both cases, the aim is to reduce the false-positive (FP) problem that is characteristic of detection schemes that use AD. We illustrate use of the techniques to augment the capabilities of an existing AD IDS (CounterStorm-1) to allow it to create high-quality alarms in the presence of attempted malicious data exfiltration.
Keywords :
probability; security of data; anomaly detection; false-positive problem; intrusion detection systems; malicious data exfiltration; probabilistic anomaly detection; Collaboration; Contracts; Detectors; Engines; Intrusion detection; Payloads; Sensor phenomena and characterization; Telecommunication traffic; Terrorism; Traffic control; Anomaly Detection; Cross-Domain Attack Correlation Technologies;
Conference_Titel :
Conference For Homeland Security, 2009. CATCH '09. Cybersecurity Applications & Technology
Conference_Location :
Washington, DC
Print_ISBN :
978-0-7695-3568-5
DOI :
10.1109/CATCH.2009.34
