Towards multisensor data fusion for DoS detection
- In SAC ’04: Proceedings of the 2004 ACM Symposium on Applied Computing
Cited by 33 (2 self)
In our present work we introduce the use of data fusion in the field of DoS anomaly detection. We present Dempster-Shafer’s Theory of Evidence (D-S) as the mathematical foundation for the development of a novel DoS detection engine. Based on a data fusion paradigm, we combine multiple evidence generated from simple heuristics to feed our D-S inference engine and attempt to detect flooding attacks. Our approach has as its main advantages the modeling power of Theory of Evidence in expressing beliefs in some hypotheses, the ability to add the notions of uncertainty and ignorance in the system and the quantitative measurement of the belief and plausibility in our detection results. We evaluate our detection engine prototype through a set of experiments that were conducted with real network traffic and with the use of common DDoS tools. We conclude that data fusion is a promising approach that could increase the DoS detection rate and decrease the false alarm rate.
Decision Making in a Context where Uncertainty is Represented by Belief Functions.
, 2000
Cited by 30 (4 self)
A quantified model to represent uncertainty is incomplete if its use in a decision environment is not explained. When belief functions were first introduced to represent quantified uncertainty, no associated decision model was proposed. Since then, it became clear that the belief functions meaning is multiple. The models based on belief functions could be understood as an upper and lower probabilities model, as the hint model, as the transferable belief model and as a probability model extended to modal propositions. These models are mathematically identical at the static level, their behaviors diverge at their dynamic level (under conditioning and/or revision). For decision making, some authors defend that decisions must be based on expected utilities, in which case a probability function must be determined. When uncertainty is represented by belief functions, the choice of the appropriate probability function must be explained and justified. This probability function doe...
Alert confidence fusion in intrusion detection systems with extended dempster-shafer theory
- in 43rd ACM Annual Southeast Conference
, 2005
Cited by 15 (1 self)
Accurate identification of misuse is a key factor in determining appropriate ways to protect systems. Modern intrusion detection systems often use alerts from different sources such as hosts and sub-networks to determine whether and how to respond to an attack. However, alerts from different locations should not be treated equally. We propose improving and assessing alert accuracy by incorporating an algorithm based on the exponentially weighted Dempster-Shafer (D-S) Theory of Evidence. Our approach uses D-S theory to combine beliefs in certain hypotheses under conditions of uncertainty and ignorance, and allows quantitative measurement of the belief and plausibility in our detection results. Our initial evaluations on the DARPA IDS evaluation data set show that our alert fusion algorithm can improve alert quality over those from Hidden Colored Petri-Net (HCPN) based alert correlation components installed at the demilitarized zone (DMZ) and inside network sites. Due to alert confidence fusion in our example, the detection rate rises from 75% to 93.8%, without adversely affecting the false positive rate.
Generating and integrating evidence for ontology mappings
- In Proc. of EKAW 2004
, 2004
Cited by 6 (1 self)
For more than a decade, ontologies have been proposed as a means to enable sharing and reuse of knowledge. While originally relatively narrow information landscapes have been in mind (e.g., knowledge sharing between a few expert systems) the application areas proposed nowadays (e.g., organizational knowledge management or the Semantic Web) are rather broad and open. From abstract considerations about the distributed nature of knowledge as well as from observation of actual (human) ontology negotiation processes it seems clear that globally agreed-upon conceptualizations are probably not obtainable. Therefore, ontology matching and mapping procedures play an essential role in more open information landscapes. In this paper, we present a framework that collects and integrates heuristic evidence for ontology mappings, allows a knowledge engineer to browse a space of (assessed) mapping candidates in order to select adequate candidates and then leverage them to a level of formal statements for ontology merging. A simple example session shows the intended handling of the prototype and demonstrates strengths and weaknesses of particular sources of matching evidence.
An evidential reasoning framework for object tracking
- SPIE Y PHOTONICS EAST 99
, 1999
Cited by 6 (3 self)
Object tracking consists of reconstructing the configuration of an articulated body from a sequence of images provided by one or more cameras. In this paper we present a general method for pose estimation based on the evidential reasoning. The proposed framework integrates different levels of description of the object to improve robustness and precision, overcoming the limitations of approaches using single-feature representations. Several image descriptions extracted from a single-camera view are fused together using the Dempster-Shafer "theory of evidence". Feature data are expressed as belief functions over the set of their possible values. There is no need of any a-priori assumptions about the model of the object. Learned refinement maps between feature spaces and the parameter space Q describing the configuration of the object characterize the relationships among distinct representations of the pose and play the role of the model. During training the object follows a sample trajectory in Q. Each feature space is reduced to a discrete frame of discernment (FOD) and refinements are built by mapping these FODs into subsets of the sample trajectory. During tracking new sensor data are converted to belief functions which are projected and combined in the approximate state space. Resulting degrees of belief indicate the best pose estimate at the current time step. The choice of a sufficiently dense (in a topological sense) sample trajectory is a critical problem. Experimental results concerning a simple tracking system are shown.
Showing Why Measures of Quantified Beliefs Are Belief Functions
Cited by 6 (0 self)
In [8, 10], we present an axiomatic justification for the fact that quantified beliefs should be represented by belief functions. We show that the mathematical function that can represent quantified beliefs should be a Choquet capacity monotone of order 2. In order to show that it must be monotone of order infinite, thus a belief function, we propose several extra rationality requirements. One of them is based on the negation of a belief function, a concept introduced by Dubois and Prade [2]. This concept was essentially abstract, and its applicability was neither established nor illustrated. Here we present an illustrative example of this negation process. This example gives ground to the use of belief functions.
A novel approach for a Distributed Denial of Service Detection Engine
, 2003
Cited by 3 (0 self)
In our present work we present some of the most popular data fusion algorithms that have inspired us to build an innovative Distributed Denial of Service (DDoS) Detection Engine. Our approach is based on the mathematical ground of Dempster-Shafer's Theory of Evidence (D-S).
Negotiating domain ontologies in distributed organizational memories
- Meaning Negotiation (MeaN-02). Technical Report WS-02-09
, 2002
Cited by 1 (1 self)
Organizational Memory Information Systems (OMIS) have a strong need to represent shared understanding of various actors in the information landscape. Ontologies are widely seen as an adequate means for this purpose. In the FRODO project we develop an agent-based framework for Distributed Organizational Memories, and one important type of agent in the framework are agents responsible for managing domain ontologies (Domain Ontology Agents, DOA). The process of establishing shared conceptualizations in our framework takes place on three levels: i) A DOA collects evidence that a portion of knowledge might be sharable among a group of actors. ii) The DOA coordinates a negotiation procedure between the relevant actors. iii) Ontology Societies explicitly reflect the sharing scope of the knowledge managed by a DOA. These societies are grounded on the rights and obligations of the actors with respect to a specific domain ontology. The integration of all three levels is a cornerstone of FRODO’s approach to support a full ontology lifecycle in a distributed environment. Our actual research focus is the elaboration of level i). In particular, we are working on an instance-based approach for finding ontology overlaps on the basis of text analysis techniques.
Assessment of the Trustworthiness of Digital Records
It is easy enough to assert the trustworthiness or otherwise of a digital record, but it is far more difficult to present an objective basis for that assertion. A number of recent research efforts have focused on the trustworthiness of a digital record while paying scant attention to the record's evidential value as a measure of and a basis for the assessment of its trustworthiness. In this work, we study a model for the assessment of the trustworthiness of digital records based on their evidential values using the Dempster-Shafer (D-S) theory. The model is divided into three modules, (i) a knowledge-modelling module that models expert knowledge and consequent belief of evidence, (ii) an evidence-combination module that combines evidence from different sources in the face of uncertainty, and (iii) a trustworthiness assessment module that aggregates and integrates evidence, and assesses its trustworthiness. An example is presented to show how the model works.