Reducing IDS False Positives Using Incremental Stream Clustering Algorithm

Author: Champa Dey

DOI:

Keywords:

Abstract: Along with cryptographic protocols and digital signatures, Intrusion Detection Systems (IDS) are considered to be the last line of defense for securing a network. But the main problem with today's most popular commercial IDSs is the generation of a huge number of false positive alerts along with the true alerts, which makes it a cumbersome task for the operator to investigate them in order to initiate proper responses. So, there is great demand to explore this area of research and find a feasible solution. In this thesis, we have chosen this problem as our research topic. We tested the effectiveness of using the Incremental Stream Clustering Algorithm to reduce the number of false positive alerts in an IDS output. The algorithm was applied to the output of one network-based open source IDS, named Snort, configured in playback mode to examine the DARPA 1999 traffic dataset. Our approach was evaluated and compared against the K-Nearest Neighbor Algorithm. The result shows that our approach reduces more alarms (more than 99%) than the K-Nearest Neighbor approach (93%).
