This paper investigates the fusion process of combining cyber sensors on a network to detect and classify cyber behaviors – good and bad. Some bad cyber activity can be confused as appropriate (good) activity and vice versa. To wrongly block good activity is an error. Also, to allow bad cyber activity to continue believing it to be good activity is also an error. We wish to minimize these errors. Some bad cyber activity can be classified according to its severity. Confusing an extremely severe cyber activity for a mildly bad cyber activity can be a costly mistake also. We assume there are several classification systems present on the network, that is, a sensor, processor and exploiter at a minimum for each system. Also, the sensors may be disparate. Assume each system has a ROC manifold that is known, or has a good approximation. The goal of this paper is to demonstrate that there a best combining rule.
Mark E. Oxley and Igor V. Ternovskiy, "Fusion of cyber sensors on a network for improved detection and classification," Proc. SPIE 10185, Cyber Sensing 2017, 101850H (Presented at SPIE Defense + Security: April 11, 2017; Published: 4 May 2017); https://doi.org/10.1117/12.2267798.
Conference Presentations are recordings of oral presentations given at SPIE conferences and published as part of the conference proceedings. They include the speaker's narration along with a video recording of the presentation slides and animations. Many conference presentations also include full-text papers. Search and browse our growing collection of more than 12,000 conference presentations, including many plenary and keynote presentations.