Wael Khreich

Learn More
to the Maximum Realizable ROC (MRROC) technique. The performance of this approach is compared favorably to that of a single best HMM and to a traditional sequence matching technique called STIDE, using different synthetic HIDS data sets. Results indicate that this approach provides a higher level of performance over a wide range of training set sizes with(More)
Keywords: Classification Multi-classifier systems Incremental learning Adaptive systems ROC Information fusion Hidden Markov models Anomaly detection Computer and network security a b s t r a c t Hidden Markov models (HMMs) have been successfully applied in many intrusion detection applications, including anomaly detection from sequences of operating system(More)
Keywords: Incremental learning On-line learning Hidden Markov model Limited training data Expectation–maximization Recursive estimation a b s t r a c t The performance of Hidden Markov Models (HMMs) targeted for complex real-world applications are often degraded because they are designed a priori using limited training data and prior knowledge, and because(More)
Twitter is among the fastest-growing microblogging and online social networking services. Messages posted on Twitter (tweets) have been reporting everything from daily life stories to the latest local and global news and events. Monitoring and analyzing this rich and continuous user-generated content can yield unprecedentedly valuable information, enabling(More)
—Using Boolean AND and OR functions to combine the responses of multiple one-or two-class classifiers in the ROC space may significantly improve performance of a detection system over a single best classifier. However, techniques found in literature assume that the classifiers are conditionally-independent, and that their ROC curves are convex. These(More)
To improve accuracy and reliability, Boolean combination (BC) can efficiently integrate the responses of multiple biometric systems in the ROC space. However, BC techniques assume that recognition systems are conditionally-independent and that their ROC curves are convex. These assumptions are rarely valid in practice, where systems face complex(More)
—Hidden Markov Models (HMMs) have been shown to provide a high level performance for detecting anomalies in intrusion detection systems. Since incomplete training data is always employed in practice, and environments being monitored are susceptible to changes, a system for anomaly detection should update its HMM parameters in response to new training data(More)