Network intrusions have become a major challenge in current network environments. Thus, network intrusion detection systems (NIDSs) are widely deployed in various networks to detect different kinds of network attacks (e.g., Trojans, worms). However, in real settings, a large number of alarms can be generated during the detection procedure, which greatly decreases the effectiveness of these intrusion detection systems. To mitigate this problem, we advocate constructing an alarm filter as a promising solution. In this paper, we design and develop an intelligent alarm filter that helps filter out NIDS alarms by means of knowledge-based alert verification. In particular, our proposed method of knowledge-based alert verification employs a rating mechanism based on expert knowledge to classify incoming NIDS alarms. We implemented and evaluated this intelligent knowledge-based alarm filter in a network environment. The experimental results show that the developed alarm filter can accurately filter out a number of NIDS alarms and achieve a better outcome.
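The abstract describes the idea only at a high level: alarms are rated against expert knowledge and the low-rated ones are filtered. The following added example is an illustration of that idea written for this page, not the paper's implementation, and everything in it is constructed: the asset inventory (`ASSETS`), the per-signature knowledge (`SIGNATURE_KB`), the scoring weights and the two thresholds are hypothetical values chosen to make the mechanism visible. It rates each alarm by whether the targeted port is actually open, whether the signature can affect the target's OS and service, the signature's severity and the asset's criticality, then keeps, filters or hands the alarm to an analyst. An alarm against a host missing from the inventory is never auto-filtered, since the filter has no knowledge to rate it with.

```python
# Added illustration of knowledge-based alert verification; not the paper's code.
# Asset inventory, signature knowledge, weights and thresholds are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    """One NIDS alarm (fields modelled loosely on a Snort fast-style alert)."""
    sid: int
    signature: str
    src_ip: str
    dst_ip: str
    dst_port: int


# Constructed asset inventory: what each monitored host actually runs.
ASSETS = {
    "10.0.0.5": {"os": "linux", "services": {22: "ssh", 80: "http"}, "criticality": 3},
    "10.0.0.9": {"os": "windows", "services": {445: "smb", 3389: "rdp"}, "criticality": 2},
}

# Constructed expert knowledge about signatures: which platform and service each
# one can actually affect, and how severe a genuine hit would be.
SIGNATURE_KB = {
    1001: {"targets_os": "windows", "targets_service": "smb", "severity": 3},
    1002: {"targets_os": "linux", "targets_service": "http", "severity": 2},
    1003: {"targets_os": None, "targets_service": None, "severity": 1},  # generic probe
}
UNKNOWN_SIG = {"targets_os": None, "targets_service": None, "severity": 1}

KEEP_THRESHOLD = 7    # score at or above this: raise to the analyst
FILTER_THRESHOLD = 4  # score below this: filtered out as a probable false alarm


def rate_alert(alert: Alert, assets=ASSETS, sig_kb=SIGNATURE_KB) -> dict:
    """Score an alarm against the knowledge base; return score, reasons and verdict."""
    reasons = []
    sig = sig_kb.get(alert.sid)
    if sig is None:
        sig = UNKNOWN_SIG
        reasons.append("signature not in knowledge base; default weights used")
    score = sig["severity"]

    asset = assets.get(alert.dst_ip)
    if asset is None:
        # No knowledge about the target: never auto-filter, hand it to a human.
        reasons.append("destination not in asset inventory")
        return {"score": score, "reasons": reasons, "verdict": "review"}

    score += asset["criticality"]
    service = asset["services"].get(alert.dst_port)
    if service is None:
        score -= 3
        reasons.append(f"port {alert.dst_port} is not open on the target")
    else:
        score += 2
        reasons.append(f"target listens on {alert.dst_port}/{service}")
        if sig["targets_service"] and sig["targets_service"] != service:
            score -= 2
            reasons.append("signature targets a different service than the one on that port")

    if sig["targets_os"]:
        if sig["targets_os"] == asset["os"]:
            score += 2
            reasons.append("target OS matches the platform the signature affects")
        else:
            score -= 3
            reasons.append("target OS cannot be affected by this signature")

    if score >= KEEP_THRESHOLD:
        verdict = "keep"
    elif score >= FILTER_THRESHOLD:
        verdict = "review"
    else:
        verdict = "filter"
    return {"score": score, "reasons": reasons, "verdict": verdict}


def filter_alerts(alerts):
    """Partition a batch of alarms by verdict; returns {verdict: [sid, ...]}."""
    buckets = {"keep": [], "review": [], "filter": []}
    for a in alerts:
        buckets[rate_alert(a)["verdict"]].append(a.sid)
    return buckets


# Constructed sample alarms.
SAMPLE_ALERTS = [
    Alert(1001, "SMB exploit attempt", "198.51.100.7", "10.0.0.9", 445),   # plausible hit
    Alert(1001, "SMB exploit attempt", "198.51.100.7", "10.0.0.5", 445),   # Windows sig vs Linux host
    Alert(1002, "HTTP exploit attempt", "203.0.113.4", "10.0.0.5", 80),    # plausible hit
    Alert(1003, "Generic port probe", "203.0.113.4", "10.0.0.9", 3389),    # low-value probe
    Alert(9999, "Unlisted signature", "203.0.113.4", "192.0.2.20", 8080),  # unknown target
]

if __name__ == "__main__":
    for a in SAMPLE_ALERTS:
        r = rate_alert(a)
        print(f"sid={a.sid} -> {r['verdict']} (score {r['score']}): {'; '.join(r['reasons'])}")
```

The design point is that every verdict carries its reasons, so an analyst can audit why an alarm was filtered and correct the knowledge base when the inventory or signature data is stale; a filter that silently drops alarms on a stale inventory would hide exactly the true positives it was meant to surface.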