Intelligent alarm filter using knowledge-based alert verification in network intrusion detection

Authors:
Yuxin Meng;Wenjuan Li;Lam-for Kwok
Affiliations:
Department of Computer Science, College of Science and Engineering, City University of Hong Kong, Hong Kong, China;Computer Science Division, Zhaoqing Foreign Language College, Guangdong, China;Department of Computer Science, College of Science and Engineering, City University of Hong Kong, Hong Kong, China
Venue:
ISMIS'12 Proceedings of the 20th international conference on Foundations of Intelligent Systems
Year:
2012

Citing 12
Cited 0

Bro: a system for detecting network intruders in real-time

Computer Networks: The International Journal of Computer and Telecommunications Networking
The base-rate fallacy and the difficulty of intrusion detection

ACM Transactions on Information and System Security (TISSEC)
Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory

ACM Transactions on Information and System Security (TISSEC)
NetSTAT: A Network-Based Intrusion Detection Approach

ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
Detecting Anomalous and Unknown Intrusions Against Programs

ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
Verify Results of Network Intrusion Alerts Using Lightweight Protocol Analysis

ACSAC '05 Proceedings of the 21st Annual Computer Security Applications Conference
Outside the Closed World: On Using Machine Learning for Network Intrusion Detection

SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Intrusion detection alert verification based on multi-level fuzzy comprehensive evaluation

CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part I
IDS false alarm reduction using continuous and discontinuous patterns

ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
IDS false alarm filtering using KNN classifier

WISA'04 Proceedings of the 5th international conference on Information Security Applications
SP 800-94. Guide to Intrusion Detection and Prevention Systems (IDPS)

SP 800-94. Guide to Intrusion Detection and Prevention Systems (IDPS)

Quantified Score

Hi-index	0.00

Visualization

Abstract

Network intrusions have become a big challenge to current network environment. Thus, network intrusion detection systems (NIDSs) are being widely deployed in various networks aiming to detect different kinds of network attacks (e.g., Trojan, worms). However, in real settings, a large number of alarms can be generated during the detection procedure, which greatly decrease the effectiveness of these intrusion detection systems. To mitigate this problem, we advocate that constructing an alarm filter is a promising solution. In this paper, we design and develop an intelligent alarm filter to help filter out NIDS alarms by means of knowledge-based alert verification. In particular, our proposed method of knowledge-based alert verification employs a rating mechanism in terms of expert knowledge to classify incoming NIDS alarms. We implemented and evaluated this intelligent knowledge-based alarm filter in a network environment. The experimental results show that the developed alarm filter can accurately filter out a number of NIDS alarms and achieve a better outcome.