Monitoring IDS Background Noise Using EWMA Control Charts and Alert Information
Authors
Abstract
Intrusion detection systems typically create large amounts of alerts, processing of which is a time-consuming task for the user. This paper describes an application of exponentially weighted moving average (EWMA) control charts used to help the operator in alert processing. Depending on his objectives, some alerts are individually insignificant, but when aggregated they can provide important information on the monitored system's state. Thus it is not always the best solution to discard those alerts, for instance, by means of filtering, correlation, or by simply removing the signature. We deploy a widely used EWMA control chart for extracting trends and highlighting anomalies from alert information provided by sensors performing pattern matching. The aim is to make the output of verbose signatures more tolerable for the operator and yet allow him to obtain the useful information available. The applied method is described, and experimentation along with its results with real-world data are presented. A test metric is proposed to evaluate the results.
Similar resources
Robust economic-statistical design of the EWMA-R control charts for phase II linear profile monitoring
Control charts are powerful tools to monitor quality characteristics of services or production processes. However, in some processes, the performance of process or product cannot be controlled by monitoring a characteristic; instead, they require to be controlled by a function that usually refers as a profile. This study suggests employing exponentially weighted moving average (EWMA) and range ...
Monitoring Fuzzy Capability Index $\widetilde{C}_{pk}$ by Using the EWMA Control Chart with Imprecise Data
A manufacturing process cannot be released to production until it has been proven to be stable. Also, we cannot begin to talk about process capability until we have demonstrated stability in our process. This means that the process variation is the result of random causes only and all assignable or special causes have been removed. In complicated manufacturing processes, such as drilling proces...
Robustness of the EWMA Control Chart to Non-normality for Autocorrelated Processes
Most commonly used control charts for monitoring quality characteristics of the processes were developed under the assumption that the observations are randomly sampled from a normal population. It is well known that these control charts have more false alarms than usual when processes are positively autocorrelated. One remedy is to adjust the control limits such that the modified control chart...
A Simple Approach for Monitoring Business Service Time Variation
Control charts are effective tools for signal detection in both manufacturing processes and service processes. Much of the data in service industries comes from processes having nonnormal or unknown distributions. The commonly used Shewhart variable control charts, which depend heavily on the normality assumption, are not appropriately used here. In this paper, we propose a new asymmetric EWMA ...
Monitoring Lognormal Reliability Data in a Two-Stage Process Using Accelerated Failure Time Model
The reliability data is getting used to monitor and improve the quality of products or services. Nowadays, most of products or services are the results of processes with dependent stages referred to as multi-stage process. In these processes, the quality characteristics are affected by the quality characteristics in the previous stages, called as cascade property. In some cases, it is not possi...