A New Method for Filtering IDS False Positives with Semi-supervised Classification

Authors: Minghua Zhang, Haibin Mei

DOI: 10.1007/978-3-642-31588-6_66

Keywords:

Abstract: Constructing alert classifiers is an efficient way to filter IDS false positives. Classifiers built with supervised classification techniques require large amounts of labeled training alerts, which are difficult and expensive to prepare. This paper proposes using semi-supervised learning to build the alert classification model, so that fewer labeled alerts are needed. Experiments conducted on the DARPA 1999 dataset have demonstrated that semi-supervised learning can improve classification performance dramatically, especially when the labeled training set is small. As a result, the feasibility of deploying a classifier for filtering false positives is enhanced.
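The abstract's claim is that unlabeled alerts, which an IDS produces for free, can substitute for most of the expensive analyst-labeled ones. The following is an added worked example, not code from the paper or its authors: it self-trains a classifier from two labeled alerts plus a handful of unlabeled ones and scores it against a supervised classifier trained on the same two labels. Since the page does not state the paper's learner or feature set, the 1-nearest-neighbour base learner, the greedy distance-ordered pseudo-labelling, the two alert features and every alert vector below are assumptions constructed for the demonstration (they are not DARPA 1999 data).

```python
"""Added example (not from the paper): self-training an IDS alert classifier
from a handful of labeled alerts plus unlabeled ones.

Assumptions, because this page does not state the paper's learner or features:
the base learner is 1-nearest-neighbour, pseudo-labelling proceeds greedily in
order of distance (a stand-in for classifier confidence), and all alert feature
vectors below are constructed, not taken from the DARPA 1999 data."""
from __future__ import annotations

import math
from typing import List, Tuple

Point = Tuple[float, float]
Labeled = List[Tuple[Point, str]]

# Constructed alert summaries. Each alert is reduced to two features:
#   x = log2(alerts from the same source in the last hour)    (repetition)
#   y = log2(distinct destination hosts that source touched)  (fan-out)
# "TP" = genuine attack, "FP" = false positive (here: an authorised scanner).
LABELED: Labeled = [
    ((0.0, 0.0), "TP"),    # one-shot exploit attempt, analyst-confirmed
    ((10.0, 10.0), "FP"),  # authorised vulnerability scanner at full load
]
# Unlabeled alerts: the same scanner during quieter hours forms a chain from
# (10,10) down towards low-repetition space; two isolated events sit near TP.
UNLABELED: List[Point] = [
    (9.0, 8.0), (8.0, 6.0), (7.0, 4.0), (6.0, 2.0), (4.0, 1.0),  # scanner, quieter
    (0.0, 1.0), (0.0, 2.0),                                      # isolated events
]
# Held-out alerts with analyst ground truth, used only to score the models.
TEST: Labeled = [
    ((3.0, 0.0), "FP"),  # scanner in a very quiet hour: far from both labeled points
    ((1.0, 0.0), "TP"),
    ((9.0, 9.0), "FP"),
    ((5.0, 1.0), "FP"),
]


def dist(a: Point, b: Point) -> float:
    return math.hypot(a[0] - b[0], a[1] - b[1])


def nn_predict(model: Labeled, x: Point) -> str:
    """1-NN: the label of the closest (pseudo-)labeled alert."""
    return min(model, key=lambda entry: dist(entry[0], x))[1]


def self_train(labeled: Labeled, unlabeled: List[Point]) -> Labeled:
    """Greedy self-training. Each round pseudo-labels the unlabeled alert that is
    closest to the current model (the most 'confident' prediction) and adds it
    to the model, so labels propagate along chains of similar unlabeled alerts."""
    model: Labeled = list(labeled)
    pending: List[Point] = list(unlabeled)
    while pending:
        nearest = min(pending, key=lambda u: min(dist(u, p) for p, _ in model))
        model.append((nearest, nn_predict(model, nearest)))
        pending.remove(nearest)
    return model


def accuracy(model: Labeled, test: Labeled) -> float:
    hits = sum(nn_predict(model, x) == y for x, y in test)
    return hits / len(test)


def filter_false_positives(model: Labeled, alerts: List[Point]) -> List[Point]:
    """The deployment step: keep only alerts the classifier calls TP."""
    return [a for a in alerts if nn_predict(model, a) == "TP"]


if __name__ == "__main__":
    supervised = LABELED
    semi = self_train(LABELED, UNLABELED)
    print("supervised, 2 labels     :", accuracy(supervised, TEST))
    print("semi-supervised, 2 + 7   :", accuracy(semi, TEST))
    for point, label in semi[len(LABELED):]:
        print("pseudo-label", point, "->", label)
    print("alerts surfaced:", filter_false_positives(semi, [x for x, _ in TEST]))
```

With only the two labeled alerts, the scanner's quiet-hour alerts at (3,0) and (5,1) are nearer the labeled attack than the labeled scanner and are surfaced as attacks; after self-training, the chain of unlabeled scanner alerts carries the FP label down to that region and both are filtered. The caveat a practitioner should keep in mind is that the same mechanism propagates an early wrong pseudo-label just as readily, so in deployment the labeled set should be split to hold out a validation slice and pseudo-labelling stopped once validation accuracy stops improving.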

References (10)
Semi-Supervised Learning. Advanced Methods in Sequence Analysis Lectures, pp. 221-232 (2010). DOI 10.7551/MITPRESS/9780262033589.001.0001
Tadeusz Pietraszek. Using Adaptive Alert Classification to Reduce False Positives in Intrusion Detection. Recent Advances in Intrusion Detection, pp. 102-124 (2004). DOI 10.1007/978-3-540-30143-1_6
Richard Lippmann, Joshua W. Haines, David J. Fried, Jonathan Korba, Kumar Das. The 1999 DARPA off-line intrusion detection evaluation. Computer Networks, vol. 34, pp. 579-595 (2000). DOI 10.1016/S1389-1286(00)00139-0
Joshua Ojo Nehinbe. Automated Method for Reducing False Positives. International Conference on Intelligent Systems, Modelling and Simulation, pp. 54-59 (2010). DOI 10.1109/ISMS.2010.21
Huan Liu, Lei Yu. Toward Integrating Feature Selection Algorithms for Classification and Clustering. IEEE Transactions on Knowledge and Data Engineering, vol. 17, pp. 491-502 (2005). DOI 10.1109/TKDE.2005.66
Tom M. Mitchell, Kamal Paul Nigam. Using unlabeled data to improve text classification. pp. 124-124 (2001).
Mohammedia Morocco, Lalla Fatima Salim, Rabat Morocco, Abdellatif Mezrioui. Improving the Quality of Alerts with Correlation in Intrusion Detection (2007).
Moon Sun Shin, Eun Hee Kim, Keun Ho Ryu. False Alarm Classification Model for Network-Based Intrusion Detection System. Intelligent Data Engineering and Automated Learning, pp. 259-265 (2004). DOI 10.1007/978-3-540-28651-6_38