Title :
Critical analyses of alerts swamping and intrusion redundancy
Author_Institution :
Univ. of Essex, Colchester, UK
Abstract :
Alert swamping and intrusion redundancy are two critical problems of intrusion detection technology that often worsen the problems of classification, data reduction, false positives, intrusion correlation and reporting. Consequently, the validity and continued use of intrusion detectors are constantly threatened, because system administrators are left helpless while trying to thwart attacks on computer infrastructure. Hence, this paper presents critical investigations of alert swamping and redundancy and of how we have lessened them using a simple clustering method. Extensive evaluations that we performed on several synthetic and realistic datasets have significantly reduced these problems and have equally demonstrated the variability of these problems across datasets. Also substantiated was a method that could help system administrators to thwart attacks.
Keywords :
security of data; telecommunication security; alerts swamping; classification; clustering method; computer infrastructure; data reduction; intrusion correlation; intrusion detection technology; intrusion redundancy; system administrators; Clustering methods; Costs; Detectors; Event detection; Face detection; Humans; Intrusion detection; Performance evaluation; Security;
Conference_Title :
International Conference for Internet Technology and Secured Transactions (ICITST 2009)
Conference_Location :
London
Print_ISBN :
978-1-4244-5647-5
DOI :
10.1109/ICITST.2009.5402617