DocumentCode :
437622
Title :
A memory-based learning approach to reduce false alarms in intrusion detection
Author :
Weon, Ill-Young ; Song, Doo Heon ; Lee, Chang-Hoo ; Heo, Young-Jun ; Kim, Ki-Young
Author_Institution :
Dept. of Comput. Eng., Kon-Kuk Univ., Seoul
Volume :
1
fYear :
0
fDate :
0-0 0
Firstpage :
241
Lastpage :
245
Abstract :
Signature-based IDS is known to have acceptable accuracy but suffers from high rates of false alarms. We show a behavior-based alarm reduction by using a memory-based machine learning technique, the instance-based learner. Our extended form of IBL (XIBL) examines SNORT alarm signals to decide whether each signal is worth sending to the security manager. A preliminary experiment shows that there exists an apparent difference between true alarms and false alarms with respect to XIBL behavior, and the full experiment successfully exhibits the power of the hybrid system if there is a rich set of analyzed data such as the DARPA 1998 data set we used.
Keywords :
computer network management; learning (artificial intelligence); telecommunication security; false alarm reduction; instance-based learning; intrusion detection; memory-based machine learning technique; network security; Association rules; Computer network management; Computer security; Data mining; Data security; Information security; Intrusion detection; Machine learning; Resource management; Telecommunication computing;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Advanced Communication Technology, 2005, ICACT 2005. The 7th International Conference on
Conference_Location :
Phoenix Park
Type :
conf
DOI :
10.1109/ICACT.2005.245836
Filename :
1461779