Combination Of Multiple Evidences Research Articles

A fuzzy detection approach toward different speed port scan attacks based on Dempster–Shafer evidence theory

AbstractPort scan detection is one of the important topics in network security and has received lots of attention by researchers; however a slow port scan attack can deceive most of the existing IDS. Besides, it is unreasonable in typical detection to decide whether it is a probe based on the precise threshold especially when the feature values are around the threshold without taking the uncertainty into consideration. To address these problems, a novel approach was proposed by collecting traffic statistics information called access port set (APS) for each IP address in time windows; several traffic features are extracted from APS which are considered as multiple evidences to indicate a probe. For each evidence, three probabilities are concerned to evaluate the likelihood of the probe occurring which include the probabilities of support, nonsupport and uncertainty. The comprehensive evidence can be obtained from the combination of multiple evidences to evaluate the probe threaten. Several experiments were performed to evaluate the approach with DARPA/MIT datasets and our own generated attack datasets; the experimental results show the feasibility of our approach in terms of detection accuracy and effectiveness. The mechanism can be applied not only in port scan detection but also other precise threshold based situations such as traffic abnormal analysis and intrusion detection. Copyright © 2016 John Wiley & Sons, Ltd.

On the Representation and Aggregation of Evidence in Software Engineering: A Theory and Belief-based Perspective

An adequate representation and a feasible aggregation procedure of evidence represents a challenging problem in many disciplines. The right representation can help scientists discuss and present the results of their findings and, if it is simple enough, it can be useful for practitioners to base their decisions on improvement implementations. The aggregation strengthens confidence in comparison to single evidence and is an important contribution to the body of knowledge. In this paper, we present a preliminary proposal to use empirically-based theories and belief functions as a means to represent and aggregate evidence. By having evidence explained by the same theory, we used belief functions to combine them in a way that the theory propositions (cause-effect values) result from combined evidence. We suggest this can be an useful way to obtain a good estimate of multiple evidence combination. In addition, we indicate its possible usefulness for practitioners to formalize and reuse their experiences. A real-case application of the approach is presented by formulating a theory for Usage-Based Reading inspection technique and aggregating the evidence acquired in three related empirical studies. This application indicated that the approach can give compatible results with the aggregated evidence.

Quality-aware similarity assessment for entity matching in Web data

One of the key challenges to realize automated processing of the information on the Web, which is the central goal of the Semantic Web, is related to the entity matching problem. There are a number of tools that reliably recognize named entities, such as persons, companies, geographic locations, in Web documents. The names of these extracted entities are, however, non-unique; the same name on different Web pages might or might not refer to the same entity. The entity matching problem concerns of identifying the entities, which are referring to the same real-world entity. This problem is very similar to the entity resolution problem studied in relational databases, however, there are also several differences. Most importantly Web pages often only contain partial or incomplete information about the entities. Similarity functions try to capture the degree of belief about the equivalence of two entities, thus they play a crucial role in entity matching. The accuracy of the similarity functions highly depends on the applied assessment techniques, but also on some specific features of the entities. We propose systematic design strategies for combined similarity functions in this context. Our method relies on the combination of multiple evidences, with the help of estimated quality of the individual similarity values and with particular attention to missing information that is common in Web context. We study the effectiveness of our method in two specific instances of the general entity matching problem, namely the person name disambiguation and the Twitter message classification problem. In both cases, using our techniques in a very simple algorithmic framework we obtained better results than the state-of-the-art methods.

Improving website search with server log analysis and multiple evidence combination

Despite the success of global search engines, website search is still problematic in its retrieval accuracy. Server logs contain a rich source of information about how users actually access a website. In this paper, we propose a novel approach of using server log analysis to extract terms to build the web page representation, which is a new source of evidence for website search. Then, we use multiple evidence combination to combine this log-based evidence with text-based and anchor-based evidence. We test the performance of different combination approaches the combination of representations and of ranking scores, using linear combination and inference network models. We also consider different baseline retrieval models. Our experimental results have shown that the server log, when used in multiple evidence combination, can improve the effectiveness of website search, whereas the impact on different models is different.

Comparing Rank and Score Combination Methods for Data Fusion in Information Retrieval

Combination of multiple evidences (multiple query formulations, multiple retrieval schemes or systems) has been shown (mostly experimentally) to be effective in data fusion in information retrieval. However, the question of why and how combination should be done still remains largely unanswered. In this paper, we provide a model for simulation and a framework for analysis in the study of data fusion in the information retrieval domain. A rank/score function is defined and the concept of a Cayley graph is used in the design and analysis of our framework. The model and framework have led us to better understanding of the data fusion phenomena in information retrieval. In particular, by exploiting the graphical properties of the rank/score function, we have shown analytically and by simulation that combination using rank performs better than combination using score under certain conditions. Moreover, we demonstrated that the rank/score function might be used as a predictive variable for the effectiveness of combination of multiple evidences.

Integration of multiple evidences based on a query type for web search

The massive and heterogeneous Web exacerbates IR problems and short user queries make them worse. The contents of web pages are not enough to find answer pages. PageRank compensates for the insufficiencies of content information. The content information and PageRank are combined to get better results. However, static combination of multiple evidences may lower the retrieval performance. We have to use different strategies to meet the need of a user. We can classify user queries as three categories according to users' intent, the topic relevance task, the homepage finding task, and the service finding task. In this paper, we present a user query classification method. The difference of distribution, mutual information, the usage rate as anchor texts and the POS information are used for the classification. After we classified a user query, we apply different algorithms and information for the better results. For the topic relevance task, we emphasize the content information, on the other hand, for the homepage finding task, we emphasize the Link information and the URL information. We could get the best performance when our proposed classification method with the OKAPI scoring algorithm was used.

Analyses of multiple evidence combination

Analyses of multiple evidence combination