The base-rate fallacy and the difficulty of intrusion detection
ACM Transactions on Information and System Security (TISSEC)
The 1999 DARPA off-line intrusion detection evaluation
Computer Networks: The International Journal of Computer and Telecommunications Networking - Special issue on recent advances in intrusion detection systems
ACM Transactions on Information and System Security (TISSEC)
Mining Alarm Clusters to Improve Alarm Handling Efficiency
ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Using Neuro-Fuzzy Approach to Reduce False Positive Alerts
CNSR '07 Proceedings of the Fifth Annual Conference on Communication Networks and Services Research
IDS false alarm reduction using continuous and discontinuous patterns
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Expert Systems with Applications: An International Journal
| Hi-index | 0.00 |
It is a common issue that an Intrusion Detection System (IDS) might generate thousand of alerts per day. The problem has got worse by the fact that IT infrastructure have become larger and more complicated, the number of generated alarms that need to be reviewed can escalate rapidly, making the task very difficult to manage. Moreover, a significant problem facing current IDS technology now is the high level of false alarms. The main purpose of this paper is to investigate the extent of false alarms problem in Snort, using the 1999 DARPA IDS evaluation dataset. A thorough investigation has been carried out to assess the accuracy of alerts generated by Snort IDS. Significantly, this experiment has revealed an unexpected result; with 69% of total generated alerts are considered to be false alarms.