Abstract
To achieve broader detection coverage with fewer false alarms, a POMDP-based anomaly detection model combining several state-of-the-art host-based anomaly detectors is proposed in this paper. An optimal way of combining the detectors is expected to be discovered through a policy-gradient reinforcement learning algorithm, based on the independent actions of those detectors, and the behavior of the proposed model can be adjusted through a global reward signal to adapt to various system situations. A preliminary experiment with some comparative studies is carried out to validate its performance.
Original language | English |
---|---|
Pages (from-to) | 989-996 |
Number of pages | 8 |
Journal | Lecture Notes in Computer Science |
Volume | 3421 |
Issue number | II |
DOIs | |
Publication status | Published - 2005 |
Externally published | Yes |
Event | Networking - ICN 2005 - Reunion Island, France; Duration: 17 Apr 2005 → 21 Apr 2005 |