An AIS Inspired Alert Reduction Model
Authors
Abstract
One of the most important topics in the field of intrusion detection systems (IDSs) is finding a way to reduce the overwhelming number of alerts that IDSs generate in the network. Inspired by danger theory, which is one of the most important theories in artificial immune systems (AIS), we proposed a complementary subsystem for IDS that can be integrated into any existing IDS model to aggregate the alerts in order to reduce them, and subsequently reduce false alarms among the alerts. After evaluation using different datasets and attack scenarios, and also different sets of rules, in the best case our model managed to aggregate the alerts at an average rate of 97.5 percent.

Keywords: Intrusion detection system; Alert fusion; Alert correlation; Artificial immune system; Danger theory
Similar resources
Semantic Preserving Data Reduction using Artificial Immune Systems
Artificial Immune Systems (AIS) can be defined as soft computing systems inspired by the immune system of vertebrates. The immune system is an adaptive pattern recognition system. AIS have been used in pattern recognition, machine learning, optimization and clustering. Feature reduction refers to the problem of selecting those input features that are most predictive of a given outcome; a problem encoun...
An Ais-inspired Architecture for Alert Correlation
There are many different approaches to alert correlation such as using correlation rules and prerequisite-consequences, using machine learning and statistical methods and using similarity measures. In this paper, iCorrelator, a new AIS-inspired architecture, is presented. It uses a three-layer architecture that is inspired by three types of responses in the human immune system: the innate immun...
An Architecture for Alert Correlation Inspired By a Comprehensive Model of Human Immune System
Alert correlation is the process of analyzing, relating and fusing the alerts generated by one or more Intrusion Detection Systems (IDS) in order to provide a high-level and comprehensive view of the security situation of the system or network. Different approaches, such as rule-based, prerequisites consequences-based, learning-based and similarity-based approach are used in correlation process...
STLR: a novel danger theory based structural TLR algorithm
Artificial Immune Systems (AIS) have long been used in the field of computer security, especially in intrusion detection systems. Intrusion detection based on AISs falls into two main categories. The first generation of AIS is inspired by adaptive immune reactions, but the second, which is called danger theory, focuses on both adaptive and innate reactions to build a more biologically-re...
An Agent Based Classification Model
The major function of this model is to access the UCI Wisconsin Breast Cancer data-set[1] and classify the data items into two categories, normal and anomalous. This kind of classification can be referred to as anomaly detection, which discriminates anomalous behaviour from normal behaviour in computer systems. One popular solution for anomaly detection is Artificial Immune Systems (AIS)...