Title :
A Hierarchical Alarm Processing Model for Intrusion Detection System
Author :
Lizhong Xiao ; YunXiang Liu ; Zhongdai Wu
Author_Institution :
Dept. of Comput. Sci. & Inf. Eng., Shanghai Inst. of Technol., Shanghai, China
Abstract :
For the alarm flooding problem, a hierarchical alarm processing model is studied to filter, reduce and correlate alarms. In filtering, false alarms are eliminated using a repository. In reduction, a reduction algorithm is designed to remove duplicate alarms in real time. In correlation, a frequent episodes algorithm is implemented on training data to help a clustering-based correlation algorithm find the intrusion patterns. Through the above processing, the false and invalid alarms are eliminated, which eases the burden on the network system and the administrator. Meanwhile, intrusion patterns can be found and alarm predictions can be reported. Experimental results show the model is effective.
Keywords :
security of data; alarm flooding problem; clustering-based correlation algorithm; hierarchical alarm processing model; intrusion detection system; Clustering algorithms; Computer science; Computer science education; Educational technology; Filters; Floods; Information filtering; Information systems; Intrusion detection; Mobile computing;
Conference_Title :
Information Engineering and Computer Science, 2009. ICIECS 2009. International Conference on
Conference_Location :
Wuhan
Print_ISBN :
978-1-4244-4994-1
DOI :
10.1109/ICIECS.2009.5364079