Using Vulnerability To Reduce False Positive Rate In Intrusion Detection Systems

Nadjah Chergui, Narhimene Boustia
2016 Zenodo  
Intrusion Detection Systems are an essential tool for network security infrastructure. However, IDSs have a serious problem: they generate a massive number of alerts, most of them false positives, which can hide true alerts and leave the analyst unable to pick out the right alerts for reporting the true attacks. The purpose of this paper is to present a formal model for a correlation engine that reduces false positive alerts based on vulnerability contextual information. For that, we propose a formal model based on the non-monotonic JClassicδє description logic, augmented with a default (δ) and an exception (є) operator, that allows dynamic inference according to contextual information.
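The correlation idea in the abstract, as an added illustrative example: an alert is relevant by default, and contextual facts about the target host (an exception) can retract that default, while the absence of knowledge about a host does not. This is not the paper's JClassicδє description-logic formalism and not code from the authors; it is a small procedural sketch of the same reasoning pattern. The host addresses, ports, signature names and CVE identifiers (CVE-TEST-…) are constructed placeholders.

```python
"""Vulnerability-aware alert filtering with default/exception rules.

Illustrative example added to this page, not the paper's formalism.
Default: every alert is relevant.  Exceptions (facts about the target
host) defeat the default.  An unknown host yields no exceptions, so the
default stands: lack of knowledge must never suppress an alert.
All inventory and alert data below are constructed sample values.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Host:
    address: str
    os_family: str                   # e.g. "windows", "linux"
    open_ports: FrozenSet[int]       # TCP ports with a listening service
    vulnerable_to: FrozenSet[str]    # CVE ids reported by a vulnerability scanner


@dataclass(frozen=True)
class Alert:
    signature: str
    dst: str
    dst_port: int
    targets_os: Optional[str] = None              # platform the exploit applies to, if known
    cve_refs: FrozenSet[str] = frozenset()        # CVEs the signature is written for


# Constructed inventory: what the correlation engine knows about the network.
INVENTORY: Dict[str, Host] = {
    "10.0.0.5": Host("10.0.0.5", "linux", frozenset({22, 80}), frozenset({"CVE-TEST-0001"})),
    "10.0.0.7": Host("10.0.0.7", "windows", frozenset({445}), frozenset()),
}

# Constructed alerts, e.g. as a signature-based NIDS would emit them.
SAMPLE_ALERTS = [
    # Linux web exploit against a host the scanner reports as vulnerable: keep.
    Alert("web-rce-1", "10.0.0.5", 80, "linux", frozenset({"CVE-TEST-0001"})),
    # Same signature against the Windows host: wrong OS, closed port, not vulnerable.
    Alert("web-rce-1", "10.0.0.7", 80, "linux", frozenset({"CVE-TEST-0001"})),
    # SMB exploit signature on the Windows host; scanner found no matching CVE.
    Alert("smb-exploit-2", "10.0.0.7", 445, "windows", frozenset({"CVE-TEST-0002"})),
    # Host not in the inventory: nothing contradicts the default, so keep it.
    Alert("scan-probe-3", "10.0.0.99", 22),
]


def exceptions(alert: Alert, host: Optional[Host]) -> List[str]:
    """Return the contextual facts that defeat the default 'alert is relevant'."""
    if host is None:
        return []                                   # unknown target: default stands
    found = []
    if alert.dst_port not in host.open_ports:
        found.append("no listening service on destination port")
    if alert.targets_os and alert.targets_os != host.os_family:
        found.append("exploit targets a different OS family")
    if alert.cve_refs and not (alert.cve_refs & host.vulnerable_to):
        found.append("host not vulnerable to any referenced CVE")
    return found


def triage(alerts: List[Alert], inventory: Dict[str, Host]) -> List[Tuple[str, str, List[str]]]:
    """Classify each alert as 'keep' or 'suppress', with the exceptions that applied."""
    verdicts = []
    for a in alerts:
        exc = exceptions(a, inventory.get(a.dst))
        verdicts.append((a.signature, "suppress" if exc else "keep", exc))
    return verdicts


def learn_vulnerability(inventory: Dict[str, Host], address: str, cve: str) -> Dict[str, Host]:
    """Return a new inventory in which `address` is now known to be vulnerable to `cve`.

    Conclusions are recomputed from the new context: an alert that was
    suppressed because the host looked patched may become relevant again.
    """
    h = inventory[address]
    updated = Host(h.address, h.os_family, h.open_ports, h.vulnerable_to | {cve})
    return {**inventory, address: updated}


if __name__ == "__main__":
    for sig, verdict, exc in triage(SAMPLE_ALERTS, INVENTORY):
        print(f"{sig:14s} {verdict:9s} {'; '.join(exc)}")
    later = learn_vulnerability(INVENTORY, "10.0.0.7", "CVE-TEST-0002")
    print("after new scan result:", triage(SAMPLE_ALERTS, later)[2][1])
```

The suppression decisions depend only on facts the engine actually holds; when the scanner later reports CVE-TEST-0002 on 10.0.0.7, the same alert flips from "suppress" to "keep" without any rule being rewritten, which is the dynamic, context-driven inference the abstract describes.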
doi:10.5281/zenodo.1112091 fatcat:iih5zyt2ejhc7ncfeqokidksuu