A Semi-Supervised IDS Alert Classification Model Based on Alert Context
Authors
Abstract
Filtering false positives is a fundamental problem for intrusion detection systems (IDS). Building an alert classification model is one efficient way to address it. However, the high cost of preparing labeled training data and the choice of classification features are the key difficulties. This paper presents a semi-supervised alert classification model that exploits the strength of semi-supervised learning. In addition, four classification features describing the alert context are introduced to improve classification accuracy. Experiments conducted on the DARPA 1999 dataset show that using the alert context properties increases classification accuracy by about 3 percent.

Keywords: alert classification model; semi-supervised learning; alert context
Similar references
Real-Time intrusion detection alert correlation and attack scenario extraction based on the prerequisite consequence approach
Alert correlation systems attempt to discover the relations among alerts produced by one or more intrusion detection systems to determine the attack scenarios and their main motivations. In this paper a new IDS alert correlation method is proposed that can be used to detect attack scenarios in real-time. The proposed method is based on a causal approach due to the strength of causal methods in ...
Alert correlation and prediction using data mining and HMM
Intrusion Detection Systems (IDSs) are security tools widely used in computer networks. While they seem to be promising technologies, they pose some serious drawbacks: When utilized in large and high traffic networks, IDSs generate high volumes of low-level alerts which are hardly manageable. Accordingly, there emerged a recent track of security research, focused on alert correlation, which ext...
Network Attack Scenarios Extraction and Categorization by Mining IDS Alert Streams
The past few years have witnessed a significant increase in DDoS attacks on the Internet, making network security a great concern. With the attacks getting more sophisticated, automatically reasoning about attack scenarios in real time and categorizing those scenarios has become a critical challenge. However, the overwhelming flow of events generated by Intrusion Detection System (IDS) sensors makes it...
TRINETR: An Intrusion Detection Alert Management System
TRINETR: An Intrusion Detection Alert Management and Analysis System by Jinqiao Yu. An intrusion detection system (IDS) is a software system or hardware device deployed to monitor network and host activities, including data flows and information accesses, to capture suspicious activities. In recent years, IDS has begun to gain wide acceptance as a necessary and worthwhile investment in security....
Semi-supervised Learning for False Alarm Reduction
Intrusion Detection Systems (IDSs), deployed in computer networks to detect a wide variety of attacks, struggle to manage the large number of alerts they trigger. Reducing false alarms efficiently has therefore become the most important issue in IDS. In this paper, we introduce a semi-supervised learning mechanism to build an alert filter, which reduces up to 85% of false al...
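Both the abstract above and this related paper describe the same idea: seed a classifier with a few hand-labeled alerts, let it label the rest itself, and give it features about the context in which an alert fired rather than only the alert itself. The following is an added illustration of that idea, not code from either paper. It uses self-training with a nearest-centroid classifier (a technique chosen here for simplicity; the papers do not say which learner they use), and its four context features (alerts from the same source in a window, repeats of the same signature/source/destination, distinct destinations, distinct signatures) are assumptions for illustration, not the four features the paper defines. The alert stream is constructed inline so the script runs offline: two "noisy repeater" streams and two scans, with only one alert of each class labeled.

```python
"""Self-training IDS alert classifier with alert-context features (added example)."""
import math
from collections import namedtuple

Alert = namedtuple("Alert", "ts src dst sig")
WINDOW = 300  # seconds of context around each alert (assumed value)


def build_alerts():
    """Constructed sample stream; `truth` holds the ground truth used only for scoring."""
    alerts, truth = [], []
    # Stream A: a monitoring host re-triggering one rule every 10 s (false positive)
    for i in range(20):
        alerts.append(Alert(i * 10, "10.0.0.5", "10.0.0.1", "SNMP request")); truth.append("fp")
    # Stream B: one source hitting ten hosts with three signatures in 10 s (true positive)
    sigs = ["portscan", "ssh brute", "http dir traversal"]
    for i in range(10):
        alerts.append(Alert(1000 + i, "203.0.113.9", f"10.0.0.{10 + i}", sigs[i % 3])); truth.append("tp")
    # Stream C: a smaller scan, entirely unlabeled (true positive)
    for i in range(6):
        alerts.append(Alert(2000 + i, "198.51.100.7", f"10.0.0.{20 + i}", sigs[i % 2])); truth.append("tp")
    # Stream D: another repeater, with a signature no labeled alert uses (false positive)
    for i in range(12):
        alerts.append(Alert(3000 + i * 15, "10.0.0.6", "10.0.0.1", "NTP monlist")); truth.append("fp")
    return alerts, truth


def context_features(a, alerts):
    """Four assumed context features, log-scaled so counts of different size compare fairly."""
    peers = [b for b in alerts if b.src == a.src and abs(b.ts - a.ts) <= WINDOW]
    repeat = sum(1 for b in peers if b.sig == a.sig and b.dst == a.dst)
    return [math.log1p(len(peers)), math.log1p(repeat),
            math.log1p(len({b.dst for b in peers})), math.log1p(len({b.sig for b in peers}))]


def signature_features(a, alerts):
    """Baseline without context: one-hot encoding of the signature name only."""
    vocab = sorted({b.sig for b in alerts})
    return [1.0 if s == a.sig else 0.0 for s in vocab]


def dist(u, v):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(u, v)))


def centroid(vectors):
    return [sum(v[i] for v in vectors) / len(vectors) for i in range(len(vectors[0]))]


def self_train(features, labels, margin=0.5, max_rounds=10):
    """Self-training: label an alert only when it is clearly nearer one class centroid
    (distance to the nearest centroid <= margin * distance to the other), then recompute
    centroids from the enlarged labeled set and repeat until nothing changes."""
    labels = list(labels)
    for _ in range(max_rounds):
        cents = {c: centroid([f for f, l in zip(features, labels) if l == c]) for c in ("tp", "fp")}
        changed = False
        for i, f in enumerate(features):
            if labels[i] is not None:
                continue
            d = {c: dist(f, cents[c]) for c in cents}
            near, far = sorted(d, key=d.get)
            if d[near] <= margin * d[far]:
                labels[i], changed = near, True
        if not changed:
            break
    return labels


def run(use_context=True):
    """Seed with one 'fp' (stream A) and one 'tp' (stream B) alert, then self-train.
    Returns (predicted labels or None, accuracy over labeled alerts, ground truth)."""
    alerts, truth = build_alerts()
    feat = context_features if use_context else signature_features
    X = [feat(a, alerts) for a in alerts]
    seeds = [None] * len(alerts)
    seeds[0], seeds[20] = "fp", "tp"
    pred = self_train(X, seeds)
    labeled = [i for i, p in enumerate(pred) if p is not None]
    acc = sum(pred[i] == truth[i] for i in labeled) / len(labeled)
    return pred, acc, truth


if __name__ == "__main__":
    for ctx in (True, False):
        pred, acc, _ = run(ctx)
        print(f"context={ctx}: labeled {sum(p is not None for p in pred)}/{len(pred)}, accuracy {acc:.2f}")
```

With context features every alert, including the never-seen "NTP monlist" repeater and the unlabeled small scan, is labeled correctly from two seeds; with signature-only features the classifier cannot place alerts whose signature appears in neither seed and leaves them unlabeled. That is the mechanism behind the accuracy gain the abstract reports: context describes behaviour, so it generalizes across signatures the labeled data never covered.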