  • DocumentCode
    1936782
  • Title
    Using Alert Cluster to reduce IDS alerts
  • Author
    Njogu, Humphrey Waita ; Jiawei, Luo
  • Author_Institution
    Sch. of Comput. & Commun., Hunan Univ., Changsha, China
  • Volume
    5
  • fYear
    2010
  • fDate
    9-11 July 2010
  • Firstpage
    467
  • Lastpage
    471
  • Abstract
    Intrusion Detection Systems (IDSs) are known to produce huge volumes of alerts. The interesting alerts are always mixed with irrelevant, duplicate and non-interesting alerts. Huge volumes of poorly sorted and unclustered alerts frustrate the efforts of analysts when identifying the interesting alerts. Therefore, the unmanageable amount of poorly sorted alerts is a critical issue affecting the performance of IDSs. This paper proposes a better mechanism to compute the similarities of the verified alerts using the distance among the new alert features. Our approach uses both the clustering technique and Supporting Evidence (Vulnerability data) to build a robust Alert Cluster. Our goal was to reduce the unnecessary alert load and improve the quality of alerts sent to the analysts. We can confidently state that our approach significantly reduced the unnecessary alert loads and improved the quality of alerts.
  • Keywords
    pattern clustering; security of data; IDS alert; alert cluster; intrusion detection system; supporting evidence; Computers; Logic gates; Alert Clustering; Alert Reduction; Data Mining; Supporting Evidence; Vulnerability data;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer Science and Information Technology (ICCSIT), 2010 3rd IEEE International Conference on
  • Conference_Location
    Chengdu
  • Print_ISBN
    978-1-4244-5537-9
  • Type
    conf
  • DOI
    10.1109/ICCSIT.2010.5563925
  • Filename
    5563925