Dynamic combination of multiple host-based anomaly detectors with broader detection coverage and fewer false alerts

Zonghua Zhang, Hong Shen

Research output: Contribution to journal › Conference article › peer-review

Abstract

To achieve broader detection coverage with fewer false alarms, this paper proposes a POMDP-based anomaly detection model that combines several state-of-the-art host-based anomaly detectors. An optimal combination is expected to be discovered through a policy-gradient reinforcement learning algorithm, based on the independent actions of those detectors, and the behavior of the proposed model can be adjusted through a global reward signal to adapt to various system situations. A preliminary experiment with some comparative studies is carried out to validate its performance.

Original language: English
Pages (from-to): 989-996
Number of pages: 8
Journal: Lecture Notes in Computer Science
Volume: 3421
Issue number: II
DOIs
Publication status: Published - 2005
Externally published: Yes
Event: Networking - ICN 2005 - Reunion Island, France
Duration: 17 Apr 2005 - 21 Apr 2005
