Abstract
Fusing information from diverse detectors remains a challenge in the field of intrusion detection. We apply data fusion techniques to fuse alerts generated by different detectors that signal the potential presence of an intrusion. Data fusion has been shown to result in a decrease in false positives while achieving an improved level of detection. By combining detections from fusers on distributed hosts, a system can also detect and track the spread of an intrusion. We proceed to analyze the response time requirements of such a distributed containment system by including an explicit containment parameter in the spreading formulation.
Original language | English |
---|---|
Pages | 741-746 |
Number of pages | 6 |
State | Published - 2003 |
Event | MILCOM 2003 - 2003 IEEE Military Communications Conference - Monterey, CA, United States Duration: Oct 13 2003 → Oct 16 2003 |
Conference
Conference | MILCOM 2003 - 2003 IEEE Military Communications Conference |
---|---|
Country/Territory | United States |
City | Monterey, CA |
Period | 10/13/03 → 10/16/03 |