Conditioning, belief update and revision are important tasks for designing intelligent systems. Possibility theory is among the powerful uncertainty theories particularly suitable for representing and reasoning with uncertain and incomplete information. This paper addresses an important issue related to the possibilistic counterparts of Jeffrey’s rule of…
Bayesian networks are important knowledge representation tools for handling uncertain pieces of information. The success of these models is strongly related to their capacity to represent and handle dependence relations. Some forms of Bayesian networks have been successfully applied in many classification tasks. In particular, naive Bayes classifiers have…
Alert correlation is a crucial problem for monitoring and securing computer networks. It consists in analyzing the alerts triggered by intrusion detection systems (IDSs) and other security-related tools in order to detect complex attack plans, discover false alerts, etc. The huge amounts of alerts raised continuously by IDSs and the impossibility for…
We propose a general framework for inconsistency-tolerant query answering within existential rule setting. This framework unifies the main semantics proposed by the state of the art and introduces new ones based on cardinality and majority principles. It relies on two key notions: modifiers and inference strategies. An inconsistency-tolerant semantics is seen…
Decision trees and naive Bayes have been recently used as classifiers for intrusion detection problems. They present good complementarities in detecting different kinds of attacks. However, both of them generate a high number of false negatives. This paper proposes a hybrid classifier that exploits complementarities between decision trees and naive Bayes. In…
Probabilistic graphical models are very efficient modeling and reasoning tools. In this paper, we propose an efficient and novel Bayesian network model for a major problem in alert correlation which plays a crucial role in nowadays computer security. Indeed, the use of multiple intrusion detection systems (IDSs) and complementary approaches is fundamental…
Anomaly detection approaches are generally efficient in detecting new attacks. However, they fail in providing any further information regarding the nature of attacks. The first contribution of this paper is to equip an anomaly detection approach with a diagnosis module that classifies anomaly approach outputs in one among well-known attack categories. The…
This paper deals with anomaly score aggregation and thresholding in multi-model anomaly-based approaches which require multiple detection models and profiles in order to characterize the different aspects of normal activities. Most works focus on profile/model definition while critical issues related to anomaly measuring, aggregating and thresholding have…