DocumentCode :
2962689
Title :
IDS alarms reduction using data mining
Author :
Al-Mamory, Safaa O. ; Hongli Zhang ; Abbas, Ayad R.
Author_Institution :
Harbin Inst. of Technol., Harbin
fYear :
2008
fDate :
1-8 June 2008
Firstpage :
3564
Lastpage :
3570
Abstract :
Intrusion Detection Systems (IDSs) are among the robust systems that can effectively detect penetrations and attacks. However, they generate a large number of alarms, most of which are false positives. Fortunately, alarms are triggered for identifiable reasons, and most of these reasons are not attacks. In this paper, a new approximation algorithm has been developed to group alarms and produce clusters. Each cluster is then abstracted as a generalized alarm; most of the generalized alarms are root causes. The proposed algorithm makes use of nearest-neighbour and generalization concepts. As a clustering algorithm, it uses a new measure to compute distances between the values of alarm features. The algorithm was verified on many datasets, and its reduction ratio was about 93% of the total alarms. The resulting generalized alarms help the security analyst in writing filters.
Keywords :
approximation theory; data mining; security of data; alert classification; data mining; intrusion detection systems; triggering alarms reduction; Data mining; Intrusion detection; Neural networks;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Neural Networks, 2008. IJCNN 2008. (IEEE World Congress on Computational Intelligence). IEEE International Joint Conference on
Conference_Location :
Hong Kong
ISSN :
1098-7576
Print_ISBN :
978-1-4244-1820-6
Electronic_ISBN :
1098-7576
Type :
conf
DOI :
10.1109/IJCNN.2008.4634307
Filename :
4634307