Experimental Studies Using Median Polish Procedure to Reduce Alarm Rates in Data Cubes of Intrusion Data
Authors
Abstract
The overwhelming number of alarms generated by rule-based network intrusion detection systems makes the task of network security operators ineffective. Preliminary results on an approach called EXOLAP show that false positive alarms can be avoided by detecting changes in the stream of alarms using a data cube and the median polish procedure. A data cube aggregates alarms by hierarchical time frames, rule number, target port number and other feature attributes. The median polish procedure is applied to materialized relational views of the data cube to detect changes in the stream of alarms. EXOLAP shows promising results on labeled and unlabeled test sets by focusing on exceptions to the normal stream of alarms, diverting attention away from false positives.
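To make the abstract's idea concrete, here is an added example (not code from the paper or from EXOLAP) that runs Tukey's median polish over one two-dimensional view of alarm counts, rule number by hour, and reports the cells whose residual stands out. The rule IDs, the counts, and the cutoff parameters `k` and `floor` are constructed assumptions.

```python
from statistics import median

def median_polish(table, max_iter=10, tol=1e-9):
    """Fit table[i][j] = overall + row[i] + col[j] + resid[i][j] by sweeping medians."""
    r = [[float(v) for v in row] for row in table]
    nrow, ncol = len(r), len(r[0])
    overall, row_eff, col_eff = 0.0, [0.0] * nrow, [0.0] * ncol
    for _ in range(max_iter):
        rm = [median(row) for row in r]                 # row sweep
        for i in range(nrow):
            row_eff[i] += rm[i]
            r[i] = [v - rm[i] for v in r[i]]
        m = median(col_eff)
        overall += m
        col_eff = [c - m for c in col_eff]
        cm = [median(r[i][j] for i in range(nrow)) for j in range(ncol)]  # column sweep
        for j in range(ncol):
            col_eff[j] += cm[j]
            for i in range(nrow):
                r[i][j] -= cm[j]
        m = median(row_eff)
        overall += m
        row_eff = [e - m for e in row_eff]
        if max(abs(x) for x in rm + cm) <= tol:         # nothing left to sweep out
            break
    return overall, row_eff, col_eff, r

def flag_exceptions(rules, hours, counts, k=3.0, floor=1.0):
    """Return (rule, hour, residual) for cells far from the additive fit.
    Cutoff = k * max(median |residual|, floor); k and floor are assumed values."""
    _, _, _, resid = median_polish(counts)
    scale = max(median(abs(v) for row in resid for v in row), floor)
    return [(rules[i], hours[j], resid[i][j])
            for i in range(len(rules)) for j in range(len(hours))
            if abs(resid[i][j]) > k * scale]

# Constructed sample view: alarms per rule (rows) per hour (columns).
RULES = [9001, 9002, 9003, 9004]          # constructed rule numbers
HOURS = [0, 1, 2, 3, 4, 5]
COUNTS = [
    [200, 210, 220, 210, 200, 205],       # noisy rule: high but steady volume
    [20, 30, 40, 30, 20, 25],
    [5, 15, 25, 105, 5, 10],              # quiet rule with a burst at hour 3
    [50, 60, 70, 60, 50, 55],
]

if __name__ == "__main__":
    print(flag_exceptions(RULES, HOURS, COUNTS))
```

The steady high-volume rule is absorbed into its row effect and produces no exception, while the burst on the quiet rule is the only cell reported.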
Similar resources
Intrusion Detection based on a Novel Hybrid Learning Approach
Information security and Intrusion Detection Systems (IDS) play a critical role in the Internet. IDS is an essential tool for detecting different kinds of attacks in a network and maintaining data integrity, confidentiality and system availability against possible threats. In this paper, a hybrid approach towards achieving high performance is proposed. In fact, the important goal of this paper ...
EIDA: An Energy-Intrusion aware Data Aggregation Technique for Wireless Sensor Networks
Energy consumption is considered as a critical issue in wireless sensor networks (WSNs). Batteries of sensor nodes have limited power supply which in turn limits services and applications that can be supported by them. An efficient solution to improve energy consumption and even traffic in WSNs is Data Aggregation (DA) that can reduce the number of transmissions. Two main challenges for DA are: (i)...
A Hybrid Machine Learning Method for Intrusion Detection
Data security is an important area of concern for every computer system owner. An intrusion detection system is a device or software application that monitors a network or systems for malicious activity or policy violations. Already various techniques of artificial intelligence have been used for intrusion detection. The main challenge in this area is the running speed of the available implemen...
Ant Colony Optimization with Classification Algorithms used for Intrusion Detection
IDS which are increasingly a key part of system defense are used to identify abnormal activities in a computer system. In general, the traditional intrusion detection relies on the extensive knowledge of security experts, in particular, on their familiarity with the computer system to be protected. To reduce this dependence, various data-mining and machine learning techniques have been used in ...
Adaptive Anomaly Intrusion Detection System Using Optimized Hoeffding Tree
Anomaly Intrusion Detection System is used to identify a new attack in the network by identifying the deviations in the network traffic patterns. Though it identifies new attacks efficiently, the false alarm rate is usually high in this system. As there may be an attack in the network at any time and as the input traffic varies over time, we need a model which efficiently identifies the change in ...