• DocumentCode
    3081442
  • Title
    Real-time classification of IDS alerts with data mining techniques
  • Author
    Vaarandi, Risto
  • Author_Institution
    Cooperative Cyber Defence Centre of Excellence, Tallinn, Estonia
  • fYear
    2009
  • fDate
    18-21 Oct. 2009
  • Firstpage
    1
  • Lastpage
    7
  • Abstract
    During the last decade, intrusion detection systems (IDSs) have become a widely used measure for security management. However, these systems often generate many false positives and irrelevant alerts. In this paper, we propose a data mining based real-time method for distinguishing important network IDS alerts from frequently occurring false positives and events of low importance. Unlike conventional data mining based approaches, our method is fully automated and able to adjust to environment changes without human intervention.
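    The following Python sketch is an added illustration of the idea stated in the abstract, not code from the paper (this record does not reproduce the paper's algorithm): alert patterns that recur frequently within a recent time window are treated as low-importance or likely false positives, rare patterns are flagged as important, and expiring old events from the window lets the classification adapt as the environment changes. The attribute tuple used as the pattern key, the window length, the count threshold and the sample alerts are all assumptions constructed for this example.

```python
"""Frequency-based IDS alert classifier over a sliding time window.

Added example illustrating the approach described in the abstract; it is not
the paper's own code or algorithm. Pattern key, window size, threshold and the
sample alerts below are assumptions of this example.
"""
from collections import Counter, deque
from dataclasses import dataclass
from typing import Deque, List, Tuple


@dataclass(frozen=True)
class Alert:
    ts: int      # epoch seconds
    sid: str     # IDS signature identifier (e.g. a Snort-style SID)
    src: str     # source address
    dst: str     # destination address
    dport: int   # destination port


def pattern(a: Alert) -> Tuple[str, str, int]:
    # Assumption: signature + destination host + destination port is a
    # reasonable key for "the same kind of alert". A real system would
    # mine which attribute combinations are actually frequent.
    return (a.sid, a.dst, a.dport)


class SlidingWindowClassifier:
    def __init__(self, window_seconds: int = 3600, threshold: int = 20):
        self.window = window_seconds
        self.threshold = threshold
        self._events: Deque[Tuple[int, Tuple[str, str, int]]] = deque()
        self._counts: Counter = Counter()

    def _expire(self, now: int) -> None:
        # Drop events older than the window so a pattern that stops
        # recurring fades out automatically (no manual re-tuning).
        while self._events and self._events[0][0] < now - self.window:
            _, p = self._events.popleft()
            self._counts[p] -= 1
            if self._counts[p] <= 0:
                del self._counts[p]

    def classify(self, a: Alert) -> str:
        """Return "low" for a frequently recurring pattern, else "important"."""
        self._expire(a.ts)
        p = pattern(a)
        self._events.append((a.ts, p))
        self._counts[p] += 1
        # Frequent means: seen at least `threshold` times in the window,
        # counting this occurrence.
        return "low" if self._counts[p] >= self.threshold else "important"


def demo() -> List[str]:
    """Classify a constructed alert stream; returns one label per alert."""
    clf = SlidingWindowClassifier(window_seconds=600, threshold=5)
    # Constructed sample: ten identical alerts 10 s apart (a noisy signature),
    # one rare alert, then the noisy signature again after the window passed.
    alerts = [Alert(10 * i, "1:2100498", "192.0.2.10", "10.0.0.5", 80)
              for i in range(10)]
    alerts.append(Alert(95, "1:2019401", "198.51.100.7", "10.0.0.7", 22))
    alerts.append(Alert(1000, "1:2100498", "192.0.2.10", "10.0.0.5", 80))
    return [clf.classify(a) for a in alerts]


if __name__ == "__main__":
    for label in demo():
        print(label)
```

    In the constructed stream the first four occurrences of the noisy signature are still reported as important, occurrences five to ten are suppressed as low importance, the rare SSH alert is reported, and the noisy signature is reported again once its earlier occurrences have aged out of the window, which is the self-adjusting behaviour the abstract refers to.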
  • Keywords
    data mining; pattern classification; security of data; data mining techniques; intrusion detection systems; real-time IDS alert classification; security management; Data mining; Data security; Event detection; Filtering; Filters; Humans; Intrusion detection; Monitoring; Telecommunication traffic; Testing;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Military Communications Conference, 2009. MILCOM 2009. IEEE
  • Conference_Location
    Boston, MA
  • Print_ISBN
    978-1-4244-5238-5
  • Electronic_ISBN
    978-1-4244-5239-2
  • Type
    conf
  • DOI
    10.1109/MILCOM.2009.5379762
  • Filename
    5379762