Title :
Using Alert Cluster to reduce IDS alerts
Author :
Njogu, Humphrey Waita ; Jiawei, Luo
Author_Institution :
Sch. of Comput. & Commun., Hunan Univ., Changsha, China
Abstract :
Intrusion Detection Systems (IDSs) are known to produce huge volumes of alerts. The interesting alerts are always mixed with irrelevant, duplicate and non-interesting ones. Huge volumes of poorly sorted, unclustered alerts frustrate analysts' efforts to identify the interesting alerts, so the unmanageable amount of poorly sorted alerts is a critical issue affecting the performance of IDSs. This paper proposes an improved mechanism for computing the similarity of verified alerts from the distance between their alert features. Our approach combines a clustering technique with supporting evidence (vulnerability data) to build a robust Alert Cluster. Our goal was to reduce the unnecessary alert load and improve the quality of the alerts sent to analysts. We can confidently state that our approach significantly reduced the unnecessary alert load and improved the quality of the alerts.
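The two ingredients the abstract names, a feature-distance clustering step followed by a vulnerability-data check, can be shown on a handful of alerts. The block below is an added example written for this record; it is not the authors' code, and the paper's actual distance function, feature weights, threshold and verification rule are not given on this page, so the weighted mismatch distance, the single-pass leader clustering, the sample alerts and the vulnerability table are all constructed assumptions. The "CVE-EXAMPLE-n" strings are placeholders, not real CVE identifiers.

```python
"""Added example (not the paper's code): cluster IDS alerts by a weighted
feature distance, then use a vulnerability table as supporting evidence to
flag which clusters deserve an analyst's attention.  Weights, threshold,
sample alerts and the vulnerability table are all constructed here."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Alert:
    ts: int                 # seconds since the start of the capture
    src: str                # source address
    dst: str                # target address
    dport: int              # target port
    sig: str                # IDS signature name
    cve: Optional[str]      # CVE the signature claims to detect, if any


@dataclass
class ClusterSummary:
    leader: Alert                   # first alert seen in the cluster
    size: int                       # how many raw alerts the cluster absorbed
    verified_targets: List[str]     # targets actually vulnerable to the CVE
    verified: bool = field(init=False)

    def __post_init__(self) -> None:
        # A cluster is "verified" when supporting evidence backs at least one alert.
        self.verified = bool(self.verified_targets)


# Assumed weights: a signature mismatch alone pushes two alerts apart, differing
# hosts or ports only partially; the time term saturates after TIME_WINDOW seconds.
WEIGHTS = {"sig": 1.0, "dst": 0.5, "src": 0.25, "dport": 0.25, "time": 0.5}
TIME_WINDOW = 60.0
THRESHOLD = 0.75


def distance(a: Alert, b: Alert) -> float:
    """Weighted mismatch distance between two alerts (0.0 means identical features)."""
    d = WEIGHTS["sig"] * (a.sig != b.sig)
    d += WEIGHTS["dst"] * (a.dst != b.dst)
    d += WEIGHTS["src"] * (a.src != b.src)
    d += WEIGHTS["dport"] * (a.dport != b.dport)
    d += WEIGHTS["time"] * min(abs(a.ts - b.ts) / TIME_WINDOW, 1.0)
    return d


def cluster_alerts(alerts: List[Alert], threshold: float = THRESHOLD) -> List[List[Alert]]:
    """Single-pass leader clustering: an alert joins the first cluster whose
    leader lies within `threshold`, otherwise it starts a new cluster.
    Alerts are expected in time order, as an IDS emits them."""
    clusters: List[List[Alert]] = []
    for alert in alerts:
        for members in clusters:
            if distance(members[0], alert) <= threshold:
                members.append(alert)
                break
        else:
            clusters.append([alert])
    return clusters


def verified_targets(cluster: List[Alert], vuln_db: Dict[str, Set[str]]) -> List[str]:
    """Supporting-evidence check: which targets in the cluster are recorded as
    vulnerable to the CVE the signature fired on."""
    hits = {a.dst for a in cluster if a.cve and a.cve in vuln_db.get(a.dst, set())}
    return sorted(hits)


def reduce_alerts(alerts: List[Alert], vuln_db: Dict[str, Set[str]],
                  threshold: float = THRESHOLD) -> List[ClusterSummary]:
    """Turn a raw alert stream into one summary per cluster, verified or not."""
    return [ClusterSummary(c[0], len(c), verified_targets(c, vuln_db))
            for c in cluster_alerts(alerts, threshold)]


# Constructed sample input: three duplicates plus a sibling hit on another host,
# a repeated SMB alert against a host that is not vulnerable, and a lone scan.
SAMPLE_ALERTS = [
    Alert(0,   "192.0.2.10",   "10.0.0.5", 80,  "WEB-CGI exploit attempt", "CVE-EXAMPLE-1"),
    Alert(2,   "192.0.2.10",   "10.0.0.5", 80,  "WEB-CGI exploit attempt", "CVE-EXAMPLE-1"),
    Alert(4,   "192.0.2.10",   "10.0.0.5", 80,  "WEB-CGI exploit attempt", "CVE-EXAMPLE-1"),
    Alert(5,   "192.0.2.10",   "10.0.0.6", 80,  "WEB-CGI exploit attempt", "CVE-EXAMPLE-1"),
    Alert(100, "192.0.2.77",   "10.0.0.5", 445, "SMB exploit attempt",     "CVE-EXAMPLE-2"),
    Alert(101, "192.0.2.77",   "10.0.0.5", 445, "SMB exploit attempt",     "CVE-EXAMPLE-2"),
    Alert(300, "198.51.100.3", "10.0.0.7", 22,  "SSH scan",                None),
]
# Constructed vulnerability data: 10.0.0.5 is exposed to CVE-EXAMPLE-1 only,
# 10.0.0.6 is patched, 10.0.0.7 has no entry at all.
SAMPLE_VULN_DB: Dict[str, Set[str]] = {"10.0.0.5": {"CVE-EXAMPLE-1"}, "10.0.0.6": set()}

if __name__ == "__main__":
    summaries = reduce_alerts(SAMPLE_ALERTS, SAMPLE_VULN_DB)
    print(f"{len(SAMPLE_ALERTS)} raw alerts -> {len(summaries)} clusters, "
          f"{sum(s.verified for s in summaries)} verified")
    for s in summaries:
        print(f"  {s.size:2d}x {s.leader.sig:<24} -> {s.leader.dst}:{s.leader.dport} "
              f"verified={s.verified} targets={s.verified_targets}")
```

On this input seven raw alerts collapse to three clusters, and only the first (the web exploit against a host the vulnerability table lists as exposed) is verified; the SMB cluster survives clustering but fails the evidence check, which is exactly the kind of load the abstract wants to keep away from analysts. Note that the leader rule compares against a cluster's first alert only, so a long-running attack whose later alerts drift beyond the time window from the leader will be split into several clusters; raising `THRESHOLD` or comparing against the most recent member instead are the usual adjustments.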
Keywords :
pattern clustering; security of data; IDS alert; alert cluster; intrusion detection system; supporting evidence; Computers; Logic gates; Alert Clustering; Alert Reduction; Data Mining; Supporting Evidence; Vulnerability data;
Conference_Title :
Computer Science and Information Technology (ICCSIT), 2010 3rd IEEE International Conference on
Conference_Location :
Chengdu
Print_ISBN :
978-1-4244-5537-9
DOI :
10.1109/ICCSIT.2010.5563925