Invited Speakers
http://www.sersc.org/ISA2008/
April 24 - 26, 2008
Hanwha Resort Haeundae, Busan, Korea
Incremental learning method in traffic anomaly detection systems
Dr. Byeong Ho Kang
Professor, University of Tasmania, Australia
Summary of his talk
Traffic anomaly detection is a standard task for network administration and security systems. Traffic anomalies are caused by mechanical faults, fraudulent behaviour or human errors. Anomaly detection is about how to distinguish these faults or fraud from the normal situation (Hodge and Austin, 2004). As people share more information across the Internet, many approaches have been proposed to automate this task.
Many of these approaches attempt to develop a sophisticated model that represents the full range of normal traffic behaviour; the same model can then be used to identify anomalies. However, it is not easy to develop such a model, because it requires a large amount of training data and there is no guarantee that the data set covers all normal and abnormal patterns in the domain. The task is made more difficult still because the domain itself changes rapidly as hardware and software change.
In this talk, a different approach using an incremental knowledge acquisition method known as Ripple Down Rules (RDR) will be introduced as a solution for the development and maintenance of the domain model. RDR assumes that the current model for detecting anomalies is always incomplete and should be updated on the fly. Therefore, human experts should be able to reconstruct or update the domain model for newly identified abnormal cases. This seems obvious, but traditional expert system studies have shown that it cannot be done easily, a problem known as the 'knowledge acquisition bottleneck'. The main problem is how the system can validate and verify the changes made for the new cases.
RDR has been used in various expert system developments and has proven that it can maintain domain knowledge well regardless of the amount of domain knowledge. It proposes a new mechanism that ensures the verification and validation process while it is learning a new model. The evaluation study shows that it performs as the conventional system does while providing a new function: updating a domain model in real time.
Multi-Source Information Fusion: An Overview in the Context of Information Security and Assurance
Dr. Belur V. Dasarathy
Fellow IEEE
Information Fusion Technologies Consultant
Editor-in-Chief, Information Fusion
http://belur.no-ip.com
fusion_consultant@yahoo.com
Summary of his talk
This lecture will offer an introductory overview of the evolving field of Information Fusion with a view to delineating its role in the context of Information Security and Assurance, the theme of the conference. The presentation will start with a brief introduction to the field of multi-sensor, multi-source information fusion and its underlying taxonomies, touching upon the three facets of architectures, algorithms, and applications. Information security and assurance issues have been addressed in the Information Fusion domain as an intrusion detection problem. Accordingly, the talk will discuss the role of information fusion in enhancing the performance of intrusion detection systems, one of the more popular and upcoming application areas.