False Alarm Reduction Using Adaptive Agent-Based Profiling

Cited by: 2
Authors
Hacini, Salima [1 ]
Guessoum, Zahia [2 ]
Cheikh, Mohamed [1 ]
Affiliations
[1] Constantine2 Univ, TLSI Dept, Lire Lab, Constantine, Algeria
[2] Pierre & Marie Curie Univ, LIP6, Paris, France
Keywords
Adaptive Intrusion Detection; Alert Reduction; Anomaly-Based Detection; False Alarms; Intrusion Detection Systems; Multi-Agent Systems;
DOI
10.4018/ijisp.2013100105
CLC classification
TP31 [Computer software];
Discipline code
081202 ; 0835 ;
Abstract
In this paper the authors propose a new, efficient anomaly-based intrusion detection mechanism built on multi-agent systems. New networks are particularly vulnerable to intrusion; they are often attacked with intelligent and skilful hacking techniques. Intrusion detection techniques have to deal with two problems: detecting intrusions and handling false alarms. The issue of false alarms has an important impact on the success of anomaly-based intrusion detection technologies. The purpose of this paper is to improve their accuracy by detecting real attacks and by reducing the number of unnecessary alerts generated. The authors' intrusion detection mechanism relies on a set of agents to ensure both detection and adaptation of the normal profile, so that it follows the legitimate dynamic changes that occur and that are the cause of the high rate of false alarms.
Pages: 53 / 74
Page count: 22