DocumentCode :
2382179
Title :
Statistical Decision Modeling for IDS Alert Analysis
Author :
Zhi-Tang, Li ; Dong, Li ; Jie, Lei ; Aifang, Zhang
Author_Institution :
Huazhong Univ. of Sci. & Technol., Wuhan
fYear :
2007
fDate :
1-3 Nov. 2007
Firstpage :
227
Lastpage :
229
Abstract :
In large-scale networks, IDS can produce a large number of alerts. Nowadays there isn't an effective method to differentiate true alerts from false alerts. Confronted with this problem, we build a model for IDS alert analysis based on statistical decision theory. Through theoretical analysis, we find the optimal strategy: deleting alerts when the FPP (False Positive Probability) exceeds some threshold, or sampling for checkup. What's more, we can work out the FPP threshold and the sample numbers. Theoretical analysis also finds that under some conditions the cost of alert checkup increases as FPP increases. Together with these results we construct an FPP information network based on a Bayes network to reduce checkup losses. Experiments demonstrate that some conclusions agree with our experience.
Keywords :
Bayes methods; computer networks; decision theory; probability; security of data; telecommunication security; Bayes network; FPP information network; IDS alert analysis; false positive probability; intrusion detection system; large-scale network; statistical decision modeling; Computer science; Cost function; Data privacy; Information security; Intrusion detection; Large-scale systems; Probability; Sampling methods; Stochastic processes;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Data, Privacy, and E-Commerce, 2007. ISDPE 2007. The First International Symposium on
Conference_Location :
Chengdu
Print_ISBN :
978-0-7695-3016-1
Type :
conf
DOI :
10.1109/ISDPE.2007.118
Filename :
4402681