False Alarm Reduction Using Adaptive Agent-Based Profiling

Cited by: 2
Authors
Hacini, Salima [1]
Guessoum, Zahia [2]
Cheikh, Mohamed [1]
Affiliations
[1] Constantine2 Univ, TLSI Dept, Lire Lab, Constantine, Algeria
[2] Pierre & Marie Curie Univ, LIP6, Paris, France
Keywords
Adaptive Intrusion Detection; Alert Reduction; Anomaly-Based Detection; False Alarms; Intrusion Detection Systems; Multi-Agent Systems;
DOI
10.4018/ijisp.2013100105
CLC classification number
TP31 [Computer software];
Subject classification number
081202 ; 0835 ;
Abstract
In this paper the authors propose a new, efficient anomaly-based intrusion detection mechanism built on multi-agent systems. New networks are particularly vulnerable to intrusion; they are often attacked with intelligent and skilful hacking techniques. Intrusion detection techniques have to deal with two problems: detecting intrusions and limiting false alarms. The issue of false alarms has an important impact on the success of anomaly-based intrusion detection technologies. The purpose of this paper is to improve their accuracy by detecting real attacks and by reducing the number of unnecessary alerts generated. The authors' intrusion detection mechanism relies on a set of agents to ensure both the detection and the adaptation of the normal profile, so as to support the legitimate dynamic changes that occur and are the cause of the high rate of false alarms.
Pages: 53 / 74
Page count: 22