Mining intrusion detection alarms for actionable knowledge
Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
Learning attack strategies from intrusion alerts
Proceedings of the 10th ACM conference on Computer and communications security
Clustering intrusion detection alarms to support root cause analysis
ACM Transactions on Information and System Security (TISSEC)
Techniques and tools for analyzing intrusion alerts
ACM Transactions on Information and System Security (TISSEC)
Hypothesizing and reasoning about attacks missed by intrusion detection systems
ACM Transactions on Information and System Security (TISSEC)
Time series modeling for IDS alert management
ASIACCS '06 Proceedings of the 2006 ACM Symposium on Information, computer and communications security
Factor-analysis based anomaly detection and clustering
Decision Support Systems
Improving the quality of alerts and predicting intruder's next goal with Hidden Colored Petri-Net
Computer Networks: The International Journal of Computer and Telecommunications Networking
ATLANTIDES: an architecture for alert verification in network intrusion detection systems
LISA'07 Proceedings of the 21st conference on Large Installation System Administration Conference
A vulnerability-driven approach to active alert verification
ICCOM'05 Proceedings of the 9th WSEAS International Conference on Communications
A Graph Based Approach Toward Network Forensics Analysis
ACM Transactions on Information and System Security (TISSEC)
The Problem of False Alarms: Evaluation with Snort and DARPA 1999 Dataset
TrustBus '08 Proceedings of the 5th international conference on Trust, Privacy and Security in Digital Business
Finding Corrupted Computers Using Imperfect Intrusion Prevention System Event Data
SAFECOMP '08 Proceedings of the 27th international conference on Computer Safety, Reliability, and Security
Case-oriented alert correlation
WSEAS Transactions on Computers
Intrusion detection alarms reduction using root cause analysis and clustering
Computer Communications
Processing intrusion detection alert aggregates with time series modeling
Information Fusion
Chasing a Definition of "Alarm"
Journal of Network and Systems Management
Data mining and machine learning-Towards reducing false positives in intrusion detection
Information Security Tech. Report
Towards identifying true threat from network security data
PAISI'07 Proceedings of the 2007 Pacific Asia conference on Intelligence and security informatics
Malware characterization through alert pattern discovery
LEET'09 Proceedings of the 2nd USENIX conference on Large-scale exploits and emergent threats: botnets, spyware, worms, and more
A survey on IDS alerts processing techniques
ISP'07 Proceedings of the 6th WSEAS international conference on Information security and privacy
Computer Networks: The International Journal of Computer and Telecommunications Networking
Alert correlation in collaborative intelligent intrusion detection systems-A survey
Applied Soft Computing
SVM based false alarm minimization scheme on intrusion prevention system
ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part V
IDS false alarm reduction using continuous and discontinuous patterns
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
Intrusion detection: introduction to intrusion detection and security information management
Foundations of Security Analysis and Design III
Conceptual analysis of intrusion alarms
ICIAP'05 Proceedings of the 13th international conference on Image Analysis and Processing
IDS false alarm filtering using KNN classifier
WISA'04 Proceedings of the 5th international conference on Information Security Applications
A multiple agents based intrusion detection system
KES'05 Proceedings of the 9th international conference on Knowledge-Based Intelligent Information and Engineering Systems - Volume Part I
A cognitive model for alert correlation in a distributed environment
ISI'05 Proceedings of the 2005 IEEE international conference on Intelligence and Security Informatics
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
The semantics of alarm definitions: enabling systematic reasoning about alarms
International Journal of Network Management
| Hi-index | 0.00 |
It is a well-known problem that intrusion detection systemsoverload their human operators by triggering thousandsof alarms per day. As a matter of fact, we havebeen asked by one of our service divisions to help themdeal with this problem. This paper presents the results ofour research, validated thanks to a large set of operationaldata. We show that alarms should be managed by identifyingand resolving their root causes. Alarm clustering isintroduced as a method that supports the discovery of rootcauses. The general alarm clustering problem is proved tobe NP-complete, an approximation algorithm is proposed,and experiments are presented.