• DocumentCode
    2962689
  • Title
    IDS alarms reduction using data mining
  • Author
    Al-Mamory, Safaa O. ; Hongli Zhang ; Abbas, Ayad R.
  • Author_Institution
    Harbin Inst. of Technol., Harbin
  • fYear
    2008
  • fDate
    1-8 June 2008
  • Firstpage
    3564
  • Lastpage
    3570
  • Abstract
    Intrusion Detection Systems (IDSs) are among the robust systems that can effectively detect penetrations and attacks. However, they generate a large number of alarms, most of which are false positives. Fortunately, alarms are triggered for identifiable reasons, and most of these reasons are not attacks. In this paper, a new approximation algorithm has been developed to group alarms into clusters. Each cluster is then abstracted as a generalized alarm; most of the generalized alarms correspond to root causes. The proposed algorithm makes use of nearest-neighbor and generalization concepts. As a clustering algorithm, it uses a new measure to compute distances between alarm feature values. The algorithm was verified on many datasets, and its reduction ratio was about 93% of the total alarms. The resulting generalized alarms help the security analyst in writing filters.
  • Keywords
    approximation theory; data mining; security of data; alert classification; data mining; intrusion detection systems; triggering alarms reduction; Data mining; Intrusion detection; Neural networks;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Neural Networks, 2008. IJCNN 2008. (IEEE World Congress on Computational Intelligence). IEEE International Joint Conference on
  • Conference_Location
    Hong Kong
  • ISSN
    1098-7576
  • Print_ISBN
    978-1-4244-1820-6
  • Electronic_ISBN
    1098-7576
  • Type
    conf
  • DOI
    10.1109/IJCNN.2008.4634307
  • Filename
    4634307