Data mining and machine learning: Towards reducing false positives in intrusion detection

Authors: Tadeusz Pietraszek, Axel Tanner

DOI: 10.1016/J.ISTR.2005.07.001

Keywords:

Abstract: Intrusion Detection Systems (IDSs) are used to monitor computer systems for signs of security violations. Having detected such signs, IDSs trigger alerts to report them. These alerts are presented to a human analyst, who evaluates them and initiates an adequate response. In practice, IDSs have been observed to trigger thousands of alerts per day, most of which are mistakenly triggered by benign events (i.e., false positives). This makes it extremely difficult for the analyst to correctly identify alerts related to attacks (i.e., true positives). In this paper, we present two orthogonal and complementary approaches to reduce the number of false positives in intrusion detection using alert postprocessing with data mining and machine learning. Moreover, these techniques, because of their nature, can be used together in an alert-management system. The concepts were verified on a variety of data sets and achieved a significant reduction of false positives in both simulated and real environments.
