Using Adaptive Alert Classification to Reduce False Positives in Intrusion Detection [chapter]

Tadeusz Pietraszek
2004 Lecture Notes in Computer Science  
In this paper we describe ALAC, the Adaptive Learner for Alert Classification, which is a novel system for reducing false positives in intrusion detection.  ...  Intrusion Detection Systems (IDSs) are used to monitor computer systems for signs of security violations. Having detected such signs, IDSs trigger alerts to report them.  ...  Acknowledgments Many thanks to Klaus Julisch and Andreas Wespi for their contribution to the system and valuable comments.  ... 
doi:10.1007/978-3-540-30143-1_6 fatcat:dvmqbakuk5bqtgh6q4reyj2swi


2013 Journal of Computer Science  
The Intrusion Detection System (IDS) generates huge amounts of alerts that are mostly false positives.  ...  The threat score process of the IDS alert system is characterized by using a proposed adaptive Apriori algorithm, which has been modified to work with multiple features, i.e., items and automated classification of  ...  Related Works An intrusion detection system is used to generate alerts; those alerts can be classified into false positives and true negatives.  ... 
doi:10.3844/jcssp.2013.421.426 fatcat:exe23bnjznby3mb5dcygq3s2bq


Harmanpreet Kaur
2018 International Journal of Advanced Research in Computer Science  
Lots of work has been done to propose various MAS-based intrusion diagnostic techniques for handling the attack alerts, reducing them and differentiating the real attacks from false positive attacks  ...  of alerts and false positive alarms.  ...  [8] have presented a data mining technique which aims to reduce false positive alarms and improve accuracy in intrusion detection systems.  ... 
doi:10.26483/ijarcs.v9i2.5728 fatcat:vdf7litb7jca5j6t5czamuw25q

Using Adaptive Neuro-Fuzzy Inference System in Alert Management of Intrusion Detection Systems

Zahra Atashbar Orang, Ezzat Moradpour, Ahmad Habibizad Navin, Amir Azimi Alasti Ahrabim, Mir Kamal Mirnia
2012 International Journal of Computer Network and Information Security  
In this paper a system is proposed that uses an Adaptive Neuro-Fuzzy Inference System to classify IDS alerts, reducing false positive alerts and also identifying attack types of true positive ones.  ...  Index Terms - Intrusion detection system, alert classification, ANFIS, false positive alert reduction I.  ...  traffic in the DARPA 98 intrusion detection dataset.  ... 
doi:10.5815/ijcnis.2012.11.04 fatcat:voralp4nanfwra6grieoujjasa

Open Source Intelligent Network Intrusion Detection System Analyzer

Bhavini Ahir, Prachi Tambakhe, Dr. Kalpesh Lad
2011 Indian Journal Of Applied Research  
A Network Intrusion Detection System is used to monitor networks for attacks or intrusions and report these intrusions to the administrator in order to take evasive action.  ...  In this system the attack log displays the list of attacks to the administrator for evasive action. This system works as an alert device in the event of attacks directed towards an entire network.  ...  Following are various approaches to provide NIDS: Using Adaptive Alert Classification to Reduce False Positives in Intrusion Detection The problem of false positives in intrusion detection by building  ... 
doi:10.15373/2249555x/dec2012/27 fatcat:c5rsub5dpfb2pgy7qc53bt5isa

A Bayesian Classification on Asset Vulnerability for Real Time Reduction of False Positives in Ids

G Jacob Victor
2012 International journal of network security and its applications  
In this paper we present the design of an external module to IDS, to identify false positive alerts based on an anomaly-based adaptive learning model.  ...  Continuous monitoring of alerts to evolve whether an alert is a false positive or not is a major concern.  ...  more stringent rules by increasing the security thresholds, to reduce false negatives, resulting in high false positives.  ... 
doi:10.5121/ijnsa.2012.4205 fatcat:upmelxsuv5cpljg33nbks5ruaa

An enhanced classification framework for intrusions detection system using intelligent exoplanet atmospheric retrieval algorithm

Slamet Slamet, Izzeldin Ibrahim Mohamed Abdelaziz
2022 Bulletin of Electrical Engineering and Informatics  
This causes the classifier to be biased, reduces classification accuracy, and increases false alerts.  ...  To that end, we proposed a model that significantly improves the accuracy of the intrusion detection system by eliminating false alerts, whether they are false negative or false positive negative alerts  ...  ACKNOWLEDGEMENTS The authors are grateful to the Universitas Dinamika, Surabaya, Indonesia and Universiti Malaysia Pahang, Malaysia for supporting this research.  ... 
doi:10.11591/eei.v11i2.3308 fatcat:arjwz2znyngd7fsqlunzyqouby

Classification of KDDCup99 Dataset for Intrusion Detection: A Survey

2017 International Journal of Recent Trends in Engineering and Research  
Here in this paper is a survey of all the intrusion detection techniques used for the classification of the KDDCup99 dataset.  ...  Detection of intrusion in a network is necessary since the intrusion may create harm or attack any application, which needs to be detected and prevented.  ...  The proposed DTPAIDS is designed with the aim of reducing the rate of detected false positive intrusions through two achievements.  ... 
doi:10.23883/ijrter.2017.3327.eds6q fatcat:qptogod7czanffi64fwlpiitj4

Machine Learning Approach to Combat False Alarms in Wireless Intrusion Detection System

D. Sudaroli Vijayakumar, S. Ganapathy
2018 Computer and Information Science  
Reducing the false alarms can improve the overall efficiency of the WIDS. Many techniques have been proposed in the literature to reduce the false alarm rates.  ...  This paper made an extensive survey about the role of machine learning techniques to reduce the false alarm rate in WLAN IEEE 802.11.  ...  One of the notable research works that used a novel approach using a machine learning technique to identify true positives is presented in [35] as Adaptive Learner for Alert Classification.  ... 
doi:10.5539/cis.v11n3p67 fatcat:zgz2dvildjdmxlwue3fccd2tsq

Intrusion Detection Systems - Analysis and Containment of False Positives Alerts

G. Jacob Victor, Dr. M Sreenivasa Rao, Dr. V. CH. Venkaiah
2010 International Journal of Computer Applications  
Organizations install Intrusion Detection Systems (IDS) to alert on suspicious traffic or activity.  ...  The architecture, design and performance of the model in the minimization of false positives in IDS are explored and the experimental results are presented with reference to a lab environment.  ...  The model to reduce false positives using adaptive responses of firewall rule sets on "network quarantine channels (NQC)" was proposed by Emmanuel Hooper [16], using firewall architectures.  ... 
doi:10.5120/931-1308 fatcat:ywopm5545nbfbjnpp2gonidraa

Feature-based alert correlation in security systems using self organizing maps

Munesh Kumar, Shoaib Siddique, Humera Noor, Belur V. Dasarathy
2009 Data Mining, Intrusion Detection, Information Security and Assurance, and Data Networks Security 2009  
We've shown that the strategy described in the paper improves the efficiency of IDS by better correlating the alerts, leading to reduced false positives and increased competence of the network administrator  ...  To deal with such vulnerabilities a system has been evolved with the purpose of generating an alert for any malicious activity triggered against the network and its resources, termed as Intrusion Detection  ...  A Misuse Detection System is inclined to have high false negative alerts and few false positive alerts. On the other hand, Anomaly Detection has low false negatives but high false positives [10].  ... 
doi:10.1117/12.820000 dblp:conf/dmkdttt/KumarSN09 fatcat:jam6ntdxcfaspifbdxscnlvesy

A Novel Signature-Based Traffic Classification Engine To Reduce False Alarms In Intrusion Detection Systems

Md. Azizul Islam, Md. Manirul Islam
2015 International Journal of Computer Networks & Communications  
Intrusion detection systems used to deploy algorithmic procedures to reduce false positives, though producing a good number of false alarms.  ...  The ratio of generating false positives varies with the performance of the detection engines used to scan incoming packets.  ...  Long signatures [28] required to reduce false positives further reduce the performance. One and all tend to encrypt their data before transmission.  ... 
doi:10.5121/ijcnc.2015.7105 fatcat:xutisiccirfbrcqwqfjchbeisy

Semi-supervised Learning for False Alarm Reduction [chapter]

Chien-Yi Chiu, Yuh-Jye Lee, Chien-Chung Chang, Wen-Yang Luo, Hsiu-Chuan Huang
2010 Lecture Notes in Computer Science  
In this paper, we introduce the semi-supervised learning mechanism to build an alert filter, which will reduce up to 85% of false alarms and still keep a high detection rate.  ...  Intrusion Detection Systems (IDSs), which have been deployed in computer networks to detect a wide variety of attacks, are suffering from how to manage a large number of triggered alerts.  ...  Acknowledgement We would like to thank the anonymous referees for providing constructive comments.  ... 
doi:10.1007/978-3-642-14400-4_46 fatcat:7xivtc3o5vgppfzaf3wu5oq6hq

Two-Stage Orthogonal Network Incident Detection for the Adaptive Coordination with SMTP Proxy [chapter]

Ruo Ando, Yoshiyasu Takefuji
2003 Lecture Notes in Computer Science  
Empirical experiments show that our model and deployment can be effective in reducing the false positive rate and in adaptive coordination with an SMTP proxy server.  ...  Therefore, it is possible to detect new types of attacks while maintaining a low false positive rate.  ...  The advantages pointed out in our discussion are as follows: [1] The adjustment function of classification using a double-layer signature matrix offers the ability to keep the rate of AID false positive reasonably  ... 
doi:10.1007/978-3-540-45215-7_37 fatcat:dk3iihpoyfemrf35zlraxhicoq

Improving the management of IDS alerts

Tu Hoang Nguyen, JiaWei Luo, Humphrey Waita Njogu
2014 International Journal of Security and Its Applications  
Intrusion Detection Systems (IDSs) play a very crucial role in minimizing the damage caused by different computer attacks.  ...  Usually, the analysts use their knowledge to distinguish true alerts from false alerts, a task that could be frustrating and time consuming when dealing with huge volumes of alerts.  ...  Pietraszek [9] proposes an Adaptive Learner for Alert Classification (ALAC) framework for reducing false positives.  ... 
doi:10.14257/ijsia.2014.8.3.38 fatcat:67thwz7w6ncqzkrt5jj357qpge