Intrusion Detection System - False Positive Alert Reduction Technique
Authors
Abstract
An Intrusion Detection System (IDS) is the most powerful system for handling intrusions in computer environments: it triggers alerts so that analysts can take action to stop the intrusion. However, the IDS triggers an alert for any suspicious activity, which means thousands of alerts that analysts must attend to. An IDS generates a large number of alerts, and most of them are false positives because the behaviour is construed from a partial attack pattern or from a lack of environment knowledge. These alerts have different severities, and most of them do not require much attention because of the huge number of false alerts among them. Monitoring and identifying risky alerts is a major concern for the security administrator. Deleting false alerts, or reducing the number of alerts (false or real) out of the total, has led researchers to design an operational model, for use by the security administrator, that minimizes false positive alarms, including recurring alarms. In this paper we propose a method that can reduce such false positive alarms.

Index Terms: Intrusion Detection, False Positives, Alert
Similar sources
Intrusion Alert Correlation Technique Analysis for Heterogeneous Log
Intrusion alert correlation is a multi-step process that receives alerts from heterogeneous log sources as input and produces a high-level description of the malicious activity on the network. The objective of this study is to analyse current alert correlation techniques and identify the significant criteria in each technique that can improve the Intrusion Detection System (IDS) problem suc...
The False Positive Alert Reduction Using Data mining Techniques in Intrusion Detection System
Information security is a vital aspect of any organization. Most organizations rely on and trust the Intrusion Detection System (IDS), which plays an important role in detecting intrusions in a data network environment. The design of an IDS varies with the implementation of the different IDS techniques involved. The design of IDS techniques keeps changing as the trend of innovative data network attack meth...
Reliable Alert Fusion of Multiple Intrusion Detection Systems
Alert fusion is a process of combining alerts from multiple Intrusion Detection Systems to make a decision about the presence of an attack or intrusion. A reliable decision from alert fusion requires that the intrusion detectors involved in the fusion process generate fully reliable alerts. Unreliable alerts from intrusion detectors may completely mislead the decision-making process. The exis...
ATLANTIDES: Automatic Configuration for Alert Verification in Network Intrusion Detection Systems
We present an architecture designed for alert verification (i.e., to reduce false positives) in network intrusion detection systems. Our technique is based on a systematic (and automatic) anomaly-based analysis of the system output, which provides useful context information regarding the network services. The false positives raised by the NIDS analyzing the incoming traffic (which can be either...
An Outlier Detection-Based Alert Reduction Model
Intrusion Detection Systems (IDSs) are widely deployed as unauthorized activities and attacks increase. However, they often overload security managers by triggering thousands of alerts per day, and up to 99% of these alerts are false positives (i.e. alerts that are triggered incorrectly by benign events). This makes it extremely difficult for managers to correctly analyze the security state a...