Filtering intrusion detection alarms

Cited by: 12

Authors
Mansour, Nashat [1 ]
Chehab, Maya I. [1 ]
Faour, Ahmad [2 ]
Affiliations
[1] Lebanese Amer Univ, Dept Comp Sci & Math, Beirut, Lebanon
[2] Lebanese Univ, Beirut, Lebanon
Source
CLUSTER COMPUTING-THE JOURNAL OF NETWORKS SOFTWARE TOOLS AND APPLICATIONS | 2010 / Vol. 13 / No. 01
Keywords
Alarm filtering; Computer security; Growing hierarchical self-organizing map; Intrusion detection; Self-organizing map;
DOI
10.1007/s10586-009-0096-9
Chinese Library Classification
TP [Automation technology, computer technology]
Subject classification code
0812
Abstract
A Network Intrusion Detection System (NIDS) is an alarm system for networks. A NIDS monitors all network actions and generates alarms when it detects suspicious or malicious attempts. A false positive alarm is generated when the NIDS misclassifies a normal action in the network as an attack. We present a data mining technique to assist network administrators in analyzing and reducing the false positive alarms produced by a NIDS. Our data mining technique is based on a Growing Hierarchical Self-Organizing Map (GHSOM) that adjusts its architecture during an unsupervised training process according to the characteristics of the input alarm data. GHSOM clusters these alarms in a way that supports network administrators in making decisions about true and false alarms. Our empirical results show that our technique is effective for real-world intrusion data.
Pages: 19 / 29
Page count: 11