Information fusion for computer security: State of the art and open issues

Information Fusion

Volumn 10, Issue 4, 2009, Pages 274-284

  Corona, Igino ^a   Giacinto, Giorgio ^a   Mazzariello, Claudio ^b   Roli, Fabio ^a   Sansone, Carlo ^b  

^a UNIVERSITY OF CAGLIARI   (Italy)

^b UNIVERSITY OF NAPLES FEDERICO II   (Italy)

Author keywords

Computer security; Information fusion

Indexed keywords

COMPUTER SECURITY; PROBLEM FORMULATION; RESEARCH ISSUES; STATE OF THE ART;

SECURITY SYSTEMS;

INFORMATION FUSION;

EID: 67349154442     PISSN: 15662535     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.inffus.2009.03.001     Document Type: Article

References (59)

1. G. Androulidakis, V. Chatzigiannakis, S. Papavassiliou, Network anomaly detection and classification via opportunistic sampling, IEEE Network Magazine (January/February) (2009) (special issue on recent developments in network intrusion detection).
2. P. Barford, D. Plonka, Characteristics of network traffic flow anomalies, in: Proceedings of the First ACM SIGCOMM Workshop on internet Measurement, San Francisco, USA, November 2001.
3. M. Barreno, B. Nelson, R. Sears, A.D. Joseph, J.D. Tygar, Can machine learning be secure? in: Proceedings of the ACM Symposium on InformAtion, Computer, and Communications Security (ASIACCS'06), March 2006.
4. Bass T. Intrusion detection systems and multisensor data fusion. Communications of the ACM 43 4 (2000) 99-105
5. Cabrera J.B., Gutierrez C., and Mehra R.K. Ensemble methods for anomaly detection and distributed intrusion detection in mobile ad-hoc networks. International Journal on Information Fusion 9 1 (2008) 96-119
6. Cantieni G.R., Iannaccone G., Barakat C., Diot C., and Thiran P. Reformulating the monitor placement problem: optimal network-wide sampling. Proceedings of the 2006 ACM CoNEXT Conference (2006), ACM, New York 1-12 December
7. Chakrabarti A., and Manimaran G. Internet infrastructure security: a taxonomy. IEEE Network Magazine 16 6 (2002) 13-21
8. Cordella L.P., and Sansone C. A multi-stage classification system for detecting intrusions in computer networks. International Journal on Pattern Analysis and Applications 10 2 (2007) 83-100
9. Corona I., Giacinto G., and Roli F. Intrusion detection in computer systems using multiple classifier systems. In: Okun O., and Valentini G. (Eds). Supervised and Unsupervised Ensemble Methods and Their Applications (2008), Springer-Verlag, Berling/Heidelber 91-104
10. Dasarathy B.V. Intrusion detection. International Journal on Information Fusion 4 (2003) 243-245
11. Elkan C. Results of the KDD99 classifier learning. SIGKDD Explorations Journal ACM 1 (2000) 63-64
12. C. Feng, J. Peng, H. Qiao, J.W. Rozenblit, Alert fusion for a computer host based intrusion detection system, in: Proceedings of the 14th Annual IEEE International Conference and Workshops on the Engineering of Computer-Based Systems, IEEE, 2007, pp. 433-440.
13. I. Finizio, C. Mazzariello, C. Sansone, A temporal-behavior knowledge space for detecting intrusions in computer networks, in: International Conference on Recent Advances in Soft Computing RASC 2006, Canterbury, UK, July 2006, pp. 10-12.
14. Gargiulo F., Mazzariello C., and Sansone C. Information fusion techniques for reliably training intrusion detection systems. In: Singh M., and Singh S. (Eds). Progress in Pattern Recognition (2007), Springer-Verlag, London 27-36
15. Giacinto G., Perdisci R., Del Rio M., and Roli F. Intrusion detection in computer networks by a modular ensemble of one-class classifiers. International Journal on Information Fusion 9 1 (2008) 69-82
16. Giacinto G., Roli F., and Fumera G. Selection of image classifiers. Electronic Letters 36 5 (2000) 420-422
17. Giacinto G., Roli F., and Didaci L. Fusion of multiple classifiers for intrusion detection in computer networks. Pattern Recognition Letters 24 12 (2003) 1795-1803
18. Harmer P.K., Williams P.D., Gunsch G.H., and Lamont G.B. An artificial immune system architecture for computer security applications. IEEE Transactions on Evolutionary Computation 6 3 (2002) 252-280
19. Hedberg S. Combating computer viruses: IBM's new computer immune system. Parallel and Distributed Technology: Systems and Applications, IEEE 4 2 (2002) 9-11
20. B. Hernacki, J. Bennett, J. Hoagland, An Overview of Network Evasion Methods, Information Security Technical Report, vol. 10, Elsevier, 2005, pp. 140-149.
21. Hu R., and Damper R.I. A "No Panacea Theorem" for classifier combination. Pattern Recognition Journal 41 8 (2008) 2665-2673
22. Y. Huang, W. Fan, W. Lee, P.S. Yu, Cross-feature analysis for detecting ad-hoc routing anomalies, in: Proceedings of the 23rd International Conference on Distributed Computing Systems, May 2003, pp. 478-487.
23. Huang Y.S., and Suen C.Y. A method of combining multiple experts for the recognition of unconstrained handwritten numerals. IEEE Transactions on Pattern Analysis and Machine Intelligence 17 1 (1995) 90-94
24. A. Karygiannis, E. Antonakakis, A. Apostolopoulos, Host-based network monitoring tools for MANETs, in: Proceedings of the Third ACM International Workshop on Performance Evaluation of Wireless Ad Hoc, Sensor and Ubiquitous Networks, Terromolinos, Spain, October 2006.
25. Kittler J., Hatef M., Duin R.P.W., and Matas J. On combining classifiers. IEEE Transactions on Pattern Analysis and Machine Intelligence Journal 20 3 (1998) 226-239
26. B.M. Kowalski, D.K. Bertolino, S. Basagni, Hack Boston: monitoring wireless security awareness in an urban setting, in: Proceedings of the Canadian Conference on Electrical and Computer Engineering, May 2006, pp. 1308-1311.
27. Krugel C., Toth T., and Kerer C. Decentralized event correlation for intrusion detection. In: Kim K. (Ed). Proceedings of the Fourth International Conference Seoul on Information Security and Cryptology, Lecture Notes in Computer Science vol. 2288 (2001), Springer-Verlag 114-131 December
28. Kuncheva L.I. Combining Pattern Classifiers: Methods and Algorithms (2004), Wiley Interscience
29. Kuncheva L.I., Bezdek J.C., and Duin R.P.W. Decision templates for multiple classifier fusion. Pattern Recognition Journal 34 2 (2001) 299-314
30. Lam K., LeBlanc D., and Smith B. Assessing Network Security (2004), Microsoft Press, One Microsoft Way, Redmond, Washington
31. W. Lee, A Data Mining Framework for Constructing Features and Models for Intrusion Detection Systems, Doctoral Thesis, Columbia University, 1999.
32. Lee W., and Stolfo S.J. A framework for constructing features and models for intrusion detection systems. ACM Transactions on Information Systems Security 3 4 (2000) 227-261
33. R. Lemos, FBI "hack" raises global security concerns, CNET News.com, (accessed 29.04.08).
34. Z. Li, Z. Lei, L. Wang, D. Li, Assessing attack threat by the probability of following attacks, in: Proceedings of the International Conference on Networking, Architecture, and Storage, IEEE, 2007, pp. 91-100.
35. McHugh J. Testing intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory. ACM Transactions on Information System Security Journal 3 4 (2000) 262-294
36. Mukherjee B., Heberlein L.T., and Levitt K.N. Network intrusion detection. IEEE Network Magazine 8 3 (1994) 26-41
37. D. Mutz, C. Kruegel, W. Robertson, G. Vigna, R.A. Kemmerer, Reverse engineering of network signatures, in: Proceedings of the AusCERT Asia Pacific Information Technology Security Conference, Gold Coast, Australia, 2005.
38. Nakamura E.F., Loureiro A.A.F., and Frery A.C. Information fusion for wireless sensor networks: methods, models, and classification. ACM Journal on Computing Surveys 39 3 (2007) 55 article 9
39. National Institute of Standards and Technology, Information Technology Laboratory, Computer Security Division, Standards for Security Categorization of Federal Information and Information Systems, Federal Information Processing Standards Publication 199, 2004, (accessed March 2009).
40. Oliviero F., Peluso L., and Romano S.P. REFACING: an autonomic approach to network security based on multidimensional trustworthiness. Computer Networks Magazine 52 (2008) 2745-2763
41. Perdisci R., Giacinto G., and Roli F. Alarm clustering for intrusion detection systems in computer networks. Engineering Applications of Artificial Intelligence 19 4 (2006) 429-438
42. Potter B. Wireless security's future. IEEE Security and Privacy 1 4 (2003) 68-72
43. Ranganathan A., and Campbell R.H. An infrastructure for context-awareness based on first order logic. Personal and Ubiquitous Computing Journal 7 6 (2003) 353-364
44. Romagnoli J.A., and Sanchez M.C. Data Processing and Reconciliation for Chemical Process Operations vol. 2 (2000), Academic Press
45. Scott S.L. A Bayesian paradigm for designing intrusion detection systems. Computational Statistics and Data Analysis Journal 45 1 (2004) 69-83
46. Shafer G. A Mathematical Theory of Evidence (1976), University Press, Princeton
47. V. Shmatikov, M.H. Wang, Security against probe-response attacks in collaborative intrusion, in: Detection Workshop on Large Scale Attack Defense, ACM, 2007, pp. 129-136.
48. C. Siaterlis, B.S. Maglaris, Towards multisensor data fusion for DoS detection, in: Proceedings of the 2004 ACM Symposium on Applied Computing, ACM, 2004, pp. 439-446.
49. Stallings W. Operating Systems Internal Design and Principles. fifth ed. (2005), Pearson Prentice Hall, Upper Saddle River, NJ
50. A. Stotz, M. Sudit, INformation Fusion Engine for Real-time Decision-making (INFERD): a perceptual system for cyber attack tracking, in: Proceedings of the 10th IEEE International Conference on Information Fusion, 2007, pp. 1-8.
51. G. Vigna, Mobile agents: ten reasons for failure, in: Proceedings of the International Conference on Mobile Data Management, 2004, pp. 298-299.
52. M. Wanli, D. Tran, D. Sharma, A study on the feature selection of network traffic for intrusion detection purpose, in: Proceedings of the IEEE International Conference on Intelligence and Security Informatics, 17-20 June 2008, pp. 245-247.
53. D. Xu, P. Ning, Correlation analysis of intrusion alerts, in: Roberto Di Pietro, Luigi V. Mancini (Eds.), Intrusion Detection Systems, Series on Advances in Information Security, vol. 38, 2008, pp. 65-92.
54. Xu L., Krzyzak A., and Suen C.Y. Methods for combining multiple classifiers and their applications to handwriting recognition. IEEE Transactions on Systems Man and Cybernetics 22 (1992) 418-435
55. D. Yu, D. Frincke, Alert confidence fusion in intrusion detection systems with extended Dempster-Shafer theory, in: Proceedings of the 43rd Annual Southeast Regional Conference, vol. 2, ACM, 2005, pp. 142-147.
56. Zhang C., Jiang J., and Kamel M.S. Intrusion detection using hierarchical neural networks. Pattern Recognition Letters Journal 26 6 (2005) 779-791
57. Zhang Y., and Ji Q. Active and dynamic information fusion for multisensor systems with dynamic bayesian networks. IEEE Transactions on Systems, Man, and Cybernetics Part B 36 2 (2006) 467-472
58. C.V. Zhou, S. Karunasekera, C. Leckie, Evaluation of a decentralized architecture for large scale collaborative intrusion detection, in: Proceedings of the 10th IFIP/IEEE International Symposium on Integrated Network Management, IEEE, 2007, pp. 80-89.
59. C.V. Zhou, C. Leckie, S. Karunasekera, T. Peng, A self-healing, self-protecting collaborative intrusion detection architecture to trace-back fast-flux phishing domains, in: IEEE Network Operations and Management Symposium Workshop, 7-11 April 2008, pp. 321-327.