Using Neuro-Fuzzy Techniques to reduce false alerts in IDS

The problems related to security for network systems are relative to the design of network architectures, which is typically based on open standards. Monitoring tools based on pattern recognition or behavioral analysis is typically used to ensure network security. SNORT is one such tool which is based on pattern recognition. SNORT alerts system administrators whenever it receives packets of information that match predetermined signatures contained in the SNORT ruleset, thereby protecting network sytems. Unfortunately, due to the nature of this design, SNORT operates at the packet level and thereby has no concept of the specific properties of the network it is trying to protect. This paper provides the analysis of NEFCLASS and JRip which, upon taking SNORT alerts as input and learning from training, attempts to reduce false-positive and negative alerts sent to the system administrator. The major drawback of SNORT is the amount of false alerts generated by the SNORT engine, which must then be analyzed and classified by system administrators. This paper proposes a tool which should lessen this burden and considerably reduce the workload of having to classify alerts by human beings.