Intrusion Detection Systems (IDSs) are widely deployed in computer networks to defend against a wide variety of attacks. Deploying IDSs raises a serious problem, namely managing the large number of triggered alerts. This problem is made worse by the fact that some commercial IDSs may generate thousands of alerts per day. Identifying the real alarms within this huge volume is a frustrating task for security officers. Thus, reducing false alarms is a critical issue for IDS efficiency and usability. In this paper, we mine historical alarms to learn how future alarms can be handled more efficiently. First, an approach is proposed for characterizing the "normal" stream of alarms. In addition, an algorithm for detecting anomalies by using continuous and discontinuous sequential patterns is developed and used in preliminary experiments with real-world data, which show that the presented model can handle IDS alarms efficiently.