Network specific false alarm reduction in intrusion detection system

Authors:
Neminath Hubballi;Santosh Biswas;Sukumar Nandi
Affiliations:
Department of Computer Science and Engineering, Indian Institute of Technology Guwahati, India;Department of Computer Science and Engineering, Indian Institute of Technology Guwahati, India;Department of Computer Science and Engineering, Indian Institute of Technology Guwahati, India
Venue:
Security and Communication Networks
Year:
2011

Citing 9
Cited 2

Intrusion detection with neural networks

NIPS '97 Proceedings of the 1997 conference on Advances in neural information processing systems 10
Enhancing byte-level network intrusion detection signatures with context

Proceedings of the 10th ACM conference on Computer and communications security
Alarm Reduction and Correlation in Defence of IP Networks

WETICE '04 Proceedings of the 13th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
A Comprehensive Approach to Intrusion Detection Alert Correlation

IEEE Transactions on Dependable and Secure Computing
ATLANTIDES: an architecture for alert verification in network intrusion detection systems

LISA'07 Proceedings of the 21st conference on Large Installation System Administration Conference
A Threat-Aware Signature Based Intrusion-Detection Approach for Obtaining Network-Specific Useful Alarms

ICIMP '08 Proceedings of the 2008 The Third International Conference on Internet Monitoring and Protection
M2D2: a formal data model for IDS alert correlation

RAID'02 Proceedings of the 5th international conference on Recent advances in intrusion detection
Neural networks for classification: a survey

IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews
Model-driven, network-context sensitive intrusion detection

MODELS'07 Proceedings of the 10th international conference on Model Driven Engineering Languages and Systems

A comprehensive vulnerability based alert management approach for large networks

Future Generation Computer Systems
Network specific vulnerability based alert reduction approach

Security and Communication Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

Intrusion Detection Systems (IDSs) are used to find the security violations in computer networks. Usually IDSs produce a vast number of alarms that include a large percentage of false alarms. One of the main reason for such false alarm generation is that, in most cases IDSs are run with default set of signatures. In this paper, a scheme for network specific false alarm reduction in IDS is proposed. A threat profile of the network is created and IDS generated alarms are correlated using neural network. Experiments conducted in a test bed have successfully filtered out most of the false alarms for a range of attacks yet maintaining the Detection Rate. Copyright © 2010 John Wiley & Sons, Ltd.