Experimental Evaluation of Qualitative Probability applied to Sensor Fusion and Intrusion Detection/Diagnosis
Authors
Abstract
We experimentally analyze the accuracy of the System Z+ qualitative probability scheme of Goldszmidt and Pearl when used for diagnosis and information fusion. The Intrusion Detection System (IDS) fusion system Scyllarus, and its successor MIFD, use Z+ to assess the likelihood of various cyber attack events based on reports from IDSes. Z+ provides an order of magnitude approximation of conventional probability, similar to the order of magnitude approximation of computational complexity provided by big-O analysis. Scyllarus accurately identifies attacks and substantially reduces the false positives that are the bane of intrusion detection. In the work described here, we experimentally analyze the performance of MIFD in order to provide general conclusions about its behavior, complementing the results from field tests. Our experiments show that the qualitative probability scheme degrades gracefully in precision and recall as its order of magnitude approximation is a less and less accurate representation of true distributions. The system also degrades gracefully as its input sensors become less discriminating. Finally, we show that qualitatively fusing multiple IDSes successfully addresses base rate issues in intrusion detection. The interest of these results is not limited to intrusion detection: the method used in our systems is a general abductive scheme, based on qualitative Bayes networks, so the results are applicable to other information fusion and diagnostic applications. To the best of our knowledge, ours is the only experimental investigation of the accuracy of Z+ as an approximation of conventional probability.
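The base-rate point in the abstract (a single sensor's alert does not by itself make an attack the most plausible explanation, but several independent sensors agreeing can) can be made concrete with a small ranking-function model. The following is an added illustration, not code from the paper, Scyllarus or MIFD. It assumes the standard kappa (ranking) calculus that System Z+ builds on: each world carries a non-negative integer rank, rank 0 is the expected case, a rank of k corresponds to a probability of order epsilon**k, ranks add along a conditional chain and the rank of a disjunction is the minimum. The sensor ranks, the prior rank and the two-hypothesis attack/no-attack model with sensors conditionally independent given the attack state are all constructed for the example; the exact Bayes posterior is computed alongside, under the reading P ~ epsilon**rank with epsilon = 0.1, to show that the qualitative verdict agrees with conventional probability for these values.

```python
"""Toy kappa-calculus fusion of IDS alerts (added example, constructed values)."""
from __future__ import annotations

# Constructed model. Rank 0 = "normal/expected"; rank k ~ probability of order eps**k.
PRIOR_ATTACK_RANK = 3          # an attack in a given host/window is rare (~ eps**3)
SENSOR_RANKS = {
    # (attack?, alert?) -> conditional rank kappa(alert | attack) for one sensor
    (True, True): 0,    # a real attack is normally reported
    (True, False): 1,   # a miss is somewhat surprising
    (False, True): 2,   # a false positive is more surprising than a miss
    (False, False): 0,  # a quiet sensor when nothing happens is expected
}


def joint_rank(attack: bool, alerts: list[bool]) -> int:
    """kappa(attack, alerts) = kappa(attack) + sum_i kappa(alert_i | attack).

    Sensors are assumed conditionally independent given the attack state, the
    same structure as a naive Bayes net, so conditional ranks simply add."""
    prior = PRIOR_ATTACK_RANK if attack else 0
    return prior + sum(SENSOR_RANKS[(attack, a)] for a in alerts)


def posterior_ranks(alerts: list[bool]) -> dict[bool, int]:
    """Conditional ranks kappa(attack | alerts) for attack in {True, False}.

    kappa(A|E) = kappa(A and E) - kappa(E), and kappa(E) is the minimum over the
    hypotheses, so the most plausible hypothesis ends at rank 0 and the other
    hypothesis's rank is the order-of-magnitude margin between them."""
    joint = {h: joint_rank(h, alerts) for h in (True, False)}
    floor = min(joint.values())
    return {h: r - floor for h, r in joint.items()}


def believes_attack(alerts: list[bool]) -> bool:
    """True when 'attack' is strictly the most plausible hypothesis (rank 0 alone)."""
    ranks = posterior_ranks(alerts)
    return ranks[True] == 0 and ranks[False] > 0


def _cond_prob(attack: bool, alert: bool, eps: float) -> float:
    """Probabilistic reading of one sensor rank: the surprising outcome gets
    eps**rank, the expected (rank 0) outcome gets the remaining mass."""
    r = SENSOR_RANKS[(attack, alert)]
    if r > 0:
        return eps ** r
    return 1.0 - eps ** SENSOR_RANKS[(attack, not alert)]


def bayes_posterior(alerts: list[bool], eps: float = 0.1) -> float:
    """Exact P(attack | alerts) for the same model under P ~ eps**rank."""
    p_attack = eps ** PRIOR_ATTACK_RANK
    like = {}
    for h, prior in ((True, p_attack), (False, 1.0 - p_attack)):
        l = prior
        for a in alerts:
            l *= _cond_prob(h, a, eps)
        like[h] = l
    return like[True] / (like[True] + like[False])


if __name__ == "__main__":
    for obs in ([True], [True, True], [True, False]):
        print(obs, posterior_ranks(obs), believes_attack(obs),
              round(bayes_posterior(obs), 3))
```

With one alert the no-attack hypothesis keeps rank 0 (attack sits at rank 1): the prior rank of 3 outweighs a single false-positive rank of 2, which is the base-rate effect. With two independent sensors alerting, the false-positive explanation costs rank 4 against the attack's rank 3, so attack becomes the rank-0 belief. The exact posterior under eps = 0.1 moves from about 0.08 to about 0.89 across the same two cases, matching the qualitative verdict.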
Similar references
Evaluation of an Intrusion Detection System for Routing Attacks in Wireless Self-organised Networks
Wireless Sensor Networks (WSNs) are becoming increasingly popular, and very useful in military applications and environmental monitoring. However, security is a major challenge for WSNs because they are usually set up in unprotected environments. Our goal in this study is to simulate an Intrusion Detection System (IDS) that monitors the WSN and reports intrusions accurately and effectively. We have thus...
MHIDCA: Multi Level Hybrid Intrusion Detection and Continuous Authentication for MANET Security
Mobile ad-hoc networks have attracted a great deal of attention over the past few years. Considering their applications, security is of great significance for them. A security scheme that includes both prevention and detection is worth considering. In this paper, a method is presented that includes a multi-level security scheme to identify intrusion by sensors and authe...
A New Fault Tolerant Nonlinear Model Predictive Controller Incorporating an UKF-Based Centralized Measurement Fusion Scheme
A new Fault Tolerant Controller (FTC) has been presented in this research by integrating a Fault Detection and Diagnosis (FDD) mechanism in a nonlinear model predictive controller framework. The proposed FDD utilizes a Multi-Sensor Data Fusion (MSDF) methodology to enhance its reliability and estimation accuracy. An augmented state-vector model is developed to incorporate the occurred senso...
A Lightweight Intrusion Detection System Based on Specifications to Improve Security in Wireless Sensor Networks
Due to the prevalence of Wireless Sensor Networks (WSNs) in many mission-critical applications such as military areas, security has been considered one of the essential parameters in Quality of Service (QoS), and an Intrusion Detection System (IDS) is considered a fundamental requirement for security in these networks. This paper presents a lightweight Intrusion Detection System to prote...
Integrating intrusion alert information to aid forensic explanation: An analytical intrusion detection framework for distributive IDS
The objective of this research is to show an analytical intrusion detection framework (AIDF) comprised of (i) a probability model discovery approach, and (ii) a probabilistic inference mechanism for generating the most probable forensic explanation based not only on the observed intrusion detection alerts, but also on the unreported signature rules that are revealed in the probability model. ...