Filtering intrusion detection alarms

Cited by: 12
Authors
Mansour, Nashat [1 ]
Chehab, Maya I. [1 ]
Faour, Ahmad [2 ]
Affiliations
[1] Lebanese Amer Univ, Dept Comp Sci & Math, Beirut, Lebanon
[2] Lebanese Univ, Beirut, Lebanon
Source
CLUSTER COMPUTING-THE JOURNAL OF NETWORKS SOFTWARE TOOLS AND APPLICATIONS, 2010, Vol. 13, Issue 01
Keywords
Alarm filtering; Computer security; Growing hierarchical self-organizing map; Intrusion detection; Self-organizing map;
DOI
10.1007/s10586-009-0096-9
Chinese Library Classification (CLC) code
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
A Network Intrusion Detection System (NIDS) is an alarm system for networks. A NIDS monitors all network activity and generates alarms when it detects suspicious or malicious attempts. A false positive alarm is generated when the NIDS misclassifies a normal action in the network as an attack. We present a data mining technique that helps network administrators analyze and reduce the false positive alarms produced by a NIDS. Our data mining technique is based on a Growing Hierarchical Self-Organizing Map (GHSOM) that adjusts its architecture during an unsupervised training process according to the characteristics of the input alarm data. GHSOM clusters these alarms in a way that supports network administrators in deciding which alarms are true and which are false. Our empirical results show that our technique is effective on real-world intrusion data.
Pages: 19 - 29
Page count: 11