|
[1] A. Alharbt and H. Imai, “IDS False Alarm Reduction Using Continuous and Discontinuous Patterns,” in Proc. of the 3th International conf. on Applied Cryptography and Network Security (ACNS 2005), 2005, pp. 192-205. [2] J. Allen, A. Christie, W. Fithen, J. McHugh, J. Pickel and E. Stoner, “State of the Practice of Intrusion Detection Technologies,” Software Engineering Institute of Carnegie Mellon University, PA, USA, Tech. Rep., Jan. 2000. [3] D. Bolzoni and S. Etalle, “APHRODITE: an Anomaly-based Architecture for False Positives Reduction,” University of Twente, Netherlands, Tech. Rep. TR-CTIT-06-13, 2006. [4] G. A. Carpenter and S. Grossberg, “The ART of Adaptive Pattern Recognition by a Self-Organizing Neural Network,” Computer, vol. 21, no. 3, pp. 77-88, 1988. [5] G. A. Carpenter, S. Grossberg, and J. H. Reynolds, “ARTMAP: Supervised real-time learning and classification of nonstationary data by a self organizing neural network,” Neural Networks, vol. 4 no.5, pp. 565–588, 1991. [6] F. Chu and C. Zaniolo, “Fast and Light Boosting for Adaptive Mining of Data Streams,” in Proc. of the 8th Pacific-Asia Conf. on Knowledge Discovery and Data mining (PAKDD 2004), 2004, pp. 282-292. [7] O. Dain and R. K. Cunningham, “Fusing a heterogeneous alert stream into scenarios,” in Proc. of the 8th ACM Conf. on Computer and Communications Security (CCS), Philadelphia, PA, 2001, pp. 1-13. [8] W. Fan, S. J. Stolfo, and J. Zhang, “The application of AdaBoost for distributed, scalable and on-line learning,” in Proc. of the 5th ACM SIGKDD Int. Conf. on Knowledge Discovery and Data Mining, 1999, pp. 362-366. [9] A. Fern and R. Givan, “Online ensemble learning: An empirical study,” Machine Learning, vol. 53, no. 1, pp. 71-109, 2003. [10] F. Ferrer-Troyano, J. S. Aguilar-Ruiz and J. C. Riquelme, “Data streams classification by incremental rule learning with parameterized generalization,” in Proc. of the 2006 ACM symposium on Applied computing, 2006, pp. 657-661. [11] E. Frank, G. Holmes, R. Kirkby, and M. Hall, “Racing Committees for Large Datasets,” in Proc. of the 5th International Conf. on Discovery Science, 2002, pp. 153-164. [12] Y. Freund and R. E. Schapire, “Experiments with a New Boosting Algorithm,” in Proc. of the 13th International Conf. on Machine Learning, 1996, pp. 148-156. [13] Y. Freund and R. E. Schapire, “A decision theoretic generalization of on-line learning and an application to boosting,” Computer System Science, vol. 57, no. 1, pp. 119–139, 1997. [14] K. Julisch, “Clustering Intrusion Detection Alarms to Support Root Cause Analysis,” ACM Trans. on Information and System Security (TISSEC), vol. 6, no. 4, pp. 443-471, 2003. [15] T. Kidera, S. Ozawa and S. Abe, “An Incremental Learning Algorithm of Ensemble Classifier Systems,” in Proc. of the International Joint Conf. on Neural Networks (IJCNN ’06), BC, Canada, 2006, pp. 3421- 3427. [16] J.Z. Kolter and M.A Maloof, “Dynamic weighted majority: a new ensemble method for tracking concept drift,” in Proc. of the 3rd IEEE International Conf. on Data Mining ICDM-2003, 2003, pp. 123-130. [17] K. H. Law and L. F. Kwok, “IDS False Alarm Filtering Using KNN Classifier,” in Proc. of the 5th International Workshop on Information Security Applications (WISA 2004), 2004, pp. 114-121. [18] W. Lee, S.J. Stolfo and K.W. Mok, “Adaptive intrusion detection: a data mining approach,” Artificial Intelligence Review, vol. 14, no. 6, pp. 533-567, 2000. [19] M.V. Mahoney and P.K. Chan, “An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation Data for Network Anomaly Detection,” in Proc. of the 6th International Symposium on Recent Advances in Intrusion Detection (RAID 2003), 2003, pp. 220-237. [20] Marcus A. Maloof and Ryszard S. Michalski, “Incremental learning with partial instance memory,” Artificial Intelligence, vol. 154, no. 1-2, pp. 95-126, 2004. [21] S. Manganaris, M. Christensen, D. Zerkle and K. Hermiz, “A Data Mining Analysis of RTID Alarms,” The International Journal of Computer and Telecommunications Networking, vol. 34, no. 4, pp. 571–577, 2000. [22] Y.L. Murphey, Z. Chen and L. Feldkamp, “Incremental neural learning using AdaBoost,” in Proc. of the International Joint Conf. on Neural Networks (IJCNN '02), Hawaii, USA, 2002, pp. 2304-2308. [23] D.A. Nembhard and N. Osothsilp, “An empirical comparison of forgetting models,” IEEE Trans. on Engineering Management, vol. 48, no. 3, pp. 283-291, 2001. [24] P. Ning, Y. Cui, D. S. Reeves and D. Xu, “Techniques and tools for analyzing intrusion alerts,” ACM Trans. on Information and System Security (TISSEC), vol. 7, no. 2, pp. 274-318, 2004. [25] T. Pietraszek, “Using adaptive alert classification to reduce false positives in intrusion detection,” in Proc. of the 7th International Symposium on Recent Advances in Intrusion Detection (RAID 2004), 2004, pp. 102-124. [26] R. Polikar, L. Upda, S. S. Upda, and V. Honavar, “Learn++: An Incremental Learning Algorithm for Supervised Neural Networks,” IEEE Trans. on Systems, Man and Cybernetics, Part C, vol. 31, no. 4, pp. 497-508, 2001. [27] Y. Qiao and X. Weixin, “A Network IDS with Low False Positive Rate,” in Proc. of the IEEE congress on Evolutionary Computation (CEC 2002), 2002, pp. 1121-1126. [28] J. R. Quinlan, “Bagging, Boosting, and C4.5,” in Proc. of the 13th National Conf. on Artificial Intelligence, 1996, pp. 725-730. [29] M. Roesch, “Snort—Lightweight Intrusion Detection for Networks,” in Proc. of the 13th Large Installation System Administration Conf. (USENIX LISA ’99), 1999, pp. 229-238. [30] R. E. Schapire,Y. Freund, P. Bartlett, and W. S. Lee, “Boosting the margins: A new explanation for the effectiveness of voting methods,” The Annals of Statistics, vol. 26, no. 5, pp. 1651–1686, 1998. [31] R. E. Schapire and Y. Singer, “Improved Boosting Algorithms Using Confidence-rated Predictions,” Machine Learning, vol. 37, no. 3, pp. 297-336, 1999. [32] W. Street and Y. Kim, “A streaming ensemble algorithm (SEA) for large-scale classification,” in Proc. of the 7th ACM SIGKDD International Conf. on Knowledge Discovery and Data Mining KDD-2001, 2001, pp. 377-382. [33] H. Wang, W. Fan, P.S. Yu and J. Han, “Mining concept-drifting data streams using ensemble classifiers,” in Proc. of the 9th ACM SIGKDD International Conf. on Knowledge Discovery and Data Mining KDD-2003, 2003, pp. 226-235. [34] G. Widmer and M. Kubat, “Learning in the presence of concept drift and hidden contexts,” Machine Learning, vol. 23, no. 1, pp. 69-101, 1996. [35] I. Witten and E. Frank, Data Mining - Practical Machine Learning Tools and Techniques with Java Implementations, 2nd ed., J. Gray, Ed. CA: Morgan Kaufmann, 2005. [36] F. Valeur, G. Vigna, C. Kruegel and R.A. Kemmerer, “Comprehensive approach to intrusion detection alert correlation,” IEEE Trans. on Dependable and Secure Computing, vol. 1, no. 3, pp. 146-169, 2004. [37] B. Zhu and A. A. Ghorbani, “Alert Correlation for Extracting Attack Strategies,” International Journal of Network security, vol. 3, no. 3, pp. 224-258, 2006. [38] Basic Analysis and Security Engine (BASE) project, http://base.secureideas.net/index.php
|