A Bayesian theory of confirmation for intrusion report fusion in process control networks. (15th July 2011)
- Record Type:
- Journal Article
- Title:
- A Bayesian theory of confirmation for intrusion report fusion in process control networks. (15th July 2011)
- Main Title:
- A Bayesian theory of confirmation for intrusion report fusion in process control networks
- Authors:
- Rrushi, Julian L.
- Abstract:
- We attack the following problem: how to fuse intrusion reports generated individually by intrusion detection algorithms devised especially for process control networks, in such a way as to have them alleviate any possible shortcomings of each other while contributing to a joint intrusion detection intelligence. We propose a mathematical development of the Heuer's analysis of competing hypotheses methodology in the form of a Bayesian theory of confirmation. We organise in a matrix the intrusion hypotheses along with evidence, and thereafter use the expectation-maximisation algorithm to estimate probability density functions that indicate the likelihood of each piece of evidence, i.e., hypothesis-based probabilities of each piece of evidence. Relations between the said likelihoods and the degrees to which hypotheses are confirmed on evidence are modelled via the Bayes theorem, which is used in its ratio form to probabilistically compare competing hypotheses against each other. In this regard, we use the probability tree method to estimate prior probabilities of competing hypotheses that are used within the Bayes theorem. We also discuss an empirical testing of the effectiveness of the proposed theory of confirmation via a technique that we call detection failure injection.
- Is Part Of:
- International journal of critical computer-based systems. Volume 2:Number 2(2011)
- Journal:
- International journal of critical computer-based systems
- Issue:
- Volume 2:Number 2(2011)
- Issue Display:
- Volume 2, Issue 2 (2011)
- Year:
- 2011
- Volume:
- 2
- Issue:
- 2
- Issue Sort Value:
- 2011-0002-0002-0000
- Page Start:
- 162
- Page End:
- 180
- Publication Date:
- 2011-07-15
- Subjects:
- industrial network communications -- cyber attack sensing -- applied statistics and probability theory
Computer systems -- Periodicals
Computer architecture -- Periodicals
004
- Journal URLs:
- http://www.inderscience.com/jhome.php?jcode=ijccbs
http://www.inderscience.com/
- Languages:
- English
- ISSNs:
- 1757-8779
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store
- Ingest File:
- 8389.xml