Salem Benferhat

Bio: Salem Benferhat is an academic researcher from Artois University. The author has contributed to research in topics: Possibility theory & Inference. The author has an hindex of 40, co-authored 351 publications receiving 6766 citations. Previous affiliations of Salem Benferhat include Centre national de la recherche scientifique & Paul Sabatier University.

Organization based access control

Abstract: None of the classical access control models such as DAC, MAC, RBAC, TBAC or TMAC is fully satisfactory to model security policies that are not restricted to static permissions but also include contextual rules related to permissions, prohibitions, obligations and recommendations. This is typically the case of security policies that apply to the health care domain. We suggest a new model that provides solutions to specify such contextual security policies. This model, called organization based access control, is presented using a formal language based on first-order logic.

Naive Bayes vs decision trees in intrusion detection systems

Abstract: Bayes networks are powerful tools for decision and reasoning under uncertainty. A very simple form of Bayes networks is called naive Bayes, which are particularly efficient for inference tasks. However, naive Bayes are based on a very strong independence assumption. This paper offers an experimental study of the use of naive Bayes in intrusion detection. We show that even if having a simple structure, naive Bayes provide very competitive results. The experimental study is done on KDD'99 intrusion data sets. We consider three levels of attack granularities depending on whether dealing with whole attacks, or grouping them in four main categories or just focusing on normal and abnormal behaviours. In the whole experimentations, we compare the performance of naive Bayes networks with one of well known machine learning techniques which is decision tree. Moreover, we compare the good performance of Bayes nets with respect to existing best results performed on KDD'99.

Inconsistency management and prioritized syntax-based entailment

Abstract: The idea of ordering plays a basic role in commonsense reasoning for addressing three interrelated tasks: inconsistency handling, belief revision and plausible inference. We study the behavior of non-monotonic inferences induced by various methods for priority-based handling of inconsistent sets of classical formulas. One of them is based on a lexicographic ordering of maximal consistent subsets, and refines Brewka's preferred sub-theories. This new approach leads to a nonmonotonic inference which satisfies the "rationality" property while solving the problem of blocking of property inheritance. It differs from and improves previous equivalent approaches such as Gardenfors and Makinson's expectation-based inference, Pearl's System Z and possibilistic logic.

Representing Default Rules in Possibilistic Logic.

Abstract: A key issue when reasoning with default rules is how to order them so as to derive plausible conclusions according to the more specific rules applicable to the situation under concern, to make sure that default rules are not systematically inhibited by more general rules, and to cope with the problem of irrelevance of facts with respect to exceptions. Pearl's system Z enables us to rank-order default rules. In this paper we show how to encode such a rank-ordered set of defaults in possibilistic logic. We can thus take advantage of the deductive machinery available in possibilistic logic. We point out that the notion of inconsistency tolerant inference in possibilistic logic corresponds to the bold inference ;1 in system Z. We also show how to express defaults by means of qualitative possibility relations. Improvements to the ordering provided by system Z are also proposed.

A Survey of Data Mining and Machine Learning Methods for Cyber Security Intrusion Detection

Abstract: This survey paper describes a focused literature survey of machine learning (ML) and data mining (DM) methods for cyber analytics in support of intrusion detection. Short tutorial descriptions of each ML/DM method are provided. Based on the number of citations or the relevance of an emerging method, papers representing each method were identified, read, and summarized. Because data are so important in ML/DM approaches, some well-known cyber data sets used in ML/DM are described. The complexity of ML/DM algorithms is addressed, discussion of challenges for using ML/DM for cyber security is presented, and some recommendations on when to use a given method are provided.