TY - JOUR
T1 - Dynamic combination of multiple host-based anomaly detectors with broader detection coverage and fewer false alerts
AU - Zhang, Zonghua
AU - Shen, Hong
PY - 2005
Y1 - 2005
N2 - To achieve broader detection coverage with fewer false alarms, a POMDP-based anomaly detection model combining several state-of-the-art host-based anomaly detectors is proposed in this paper. An optimal combinatorial manner is expected to be discovered through a policy-gradient reinforcement learning algorithm, based on the independent actions of those detectors, and the behavior of the proposed model can be adjusted through a global reward signal to adapt to various system situations. A preliminary experiment with some comparative studies is carried out to validate its performance.
AB - To achieve broader detection coverage with fewer false alarms, a POMDP-based anomaly detection model combining several state-of-the-art host-based anomaly detectors is proposed in this paper. An optimal combinatorial manner is expected to be discovered through a policy-gradient reinforcement learning algorithm, based on the independent actions of those detectors, and the behavior of the proposed model can be adjusted through a global reward signal to adapt to various system situations. A preliminary experiment with some comparative studies is carried out to validate its performance.
UR - https://www.scopus.com/pages/publications/26844437680
U2 - 10.1007/978-3-540-31957-3_112
DO - 10.1007/978-3-540-31957-3_112
M3 - Conference article
AN - SCOPUS:26844437680
SN - 0302-9743
VL - 3421
SP - 989
EP - 996
JO - Lecture Notes in Computer Science
JF - Lecture Notes in Computer Science
IS - II
T2 - Networking - ICN 2005
Y2 - 17 April 2005 through 21 April 2005
ER -