Algorithm of reducing the false positives in IDS based on correlation Analysis

Cited by: 0
Authors
Liu, Jianyi [1]
Li, Sida [1]
Zhang, Ru [1]
Affiliation
[1] Sch Beijing Univ Posts & Telecommun, Beijing, Peoples R China
DOI: 10.1088/1757-899X/322/6/062016
Chinese Library Classification: TE [petroleum and natural gas industry]; TK [energy and power engineering];
Discipline classification: 0807; 0820;
Abstract
This paper proposes an algorithm for reducing false positives in an IDS based on correlation analysis. First, the algorithm analyzes the characteristics that distinguish false positives from real alarms and uses them to screen out false positives preliminarily; second, it clusters the remaining alarms by attribute similarity, further reducing the alarm volume; finally, drawing on the characteristics of multi-step attacks, it correlates the alarms through their causal relationships. The paper also proposes a reverse-causation algorithm, built on an attack-correlation method from earlier work, that turns alarm information into a complete attack path. Experiments show that the algorithm reduces the number of alarms, improves the efficiency of alarm processing, and helps to identify attack goals and improve alarm accuracy.
Pages: 5
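The abstract describes a three-stage pipeline (preliminary screening of false positives, attribute-similarity clustering, and causal correlation of meta-alerts into attack paths, with a reverse-causation step that walks back from the last alarm) but the page gives no implementation details. The Python below is an added illustrative example, not the authors' code: the periodicity heuristic used for stage 1, the similarity attributes and 30-second window used for stage 2, the prerequisite table used for stage 3, and the sample alerts are all assumptions chosen to show the shape of such an algorithm on a small constructed alert stream.

```python
"""Three-stage alert-reduction pipeline in the shape the abstract describes.

Added example, not the paper's code. The stage-1 heuristic, the stage-2
similarity attributes and window, and the stage-3 prerequisite table are
assumptions chosen for illustration; the alerts at the bottom are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Alert:
    ts: float   # seconds
    sig: str    # IDS signature / rule name
    src: str
    dst: str


@dataclass
class MetaAlert:
    sig: str
    src: str
    dst: str
    first: float
    last: float
    count: int = 1


def screen_false_positives(alerts, min_repeats=4, max_cv=0.1):
    """Stage 1 (assumed heuristic): drop identical alerts that recur at a
    near-constant interval, e.g. a poller tripping a rule every 60 s.
    Bursty repeats such as a port scan have irregular gaps and survive."""
    times_by_key = defaultdict(list)
    for a in alerts:
        times_by_key[(a.sig, a.src, a.dst)].append(a.ts)
    periodic = set()
    for key, times in times_by_key.items():
        if len(times) < min_repeats:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        m = mean(gaps)
        if m > 0 and pstdev(gaps) / m <= max_cv:   # coefficient of variation
            periodic.add(key)
    return [a for a in alerts if (a.sig, a.src, a.dst) not in periodic]


def cluster_by_similarity(alerts, window=30.0):
    """Stage 2: merge alerts with identical (sig, src, dst) arriving within
    `window` seconds of the cluster's last member into one meta-alert."""
    clusters = []
    for a in sorted(alerts, key=lambda x: x.ts):
        for c in clusters:
            if (c.sig, c.src, c.dst) == (a.sig, a.src, a.dst) and a.ts - c.last <= window:
                c.last, c.count = a.ts, c.count + 1
                break
        else:
            clusters.append(MetaAlert(a.sig, a.src, a.dst, a.ts, a.ts))
    return clusters


# Stage 3 (assumed rule table): consequence -> prerequisite that must precede
# it from the same source against the same target.
PREREQ = {"exploit_attempt": "port_scan", "reverse_shell": "exploit_attempt"}


def reverse_causation(clusters):
    """Stage 3: from each meta-alert walk backwards through its prerequisites;
    keep only maximal chains so scan -> exploit -> shell is one path, not three."""
    paths = []
    for end in sorted(clusters, key=lambda c: c.first, reverse=True):
        path, cur = [end], end
        while cur.sig in PREREQ:
            causes = [c for c in clusters
                      if c.sig == PREREQ[cur.sig] and (c.src, c.dst) == (cur.src, cur.dst)
                      and c.last <= cur.first]
            if not causes:
                break
            cur = max(causes, key=lambda c: c.last)   # nearest preceding cause
            path.append(cur)
        paths.append(path[::-1])
    keys = [tuple(id(c) for c in p) for p in paths]
    return [p for p, k in zip(paths, keys)
            if not any(len(o) > len(k) and o[:len(k)] == k for o in keys)]


MONITOR, ATTACKER, VICTIM, WEB = "10.0.0.5", "203.0.113.7", "10.0.0.20", "10.0.0.30"
SAMPLE_ALERTS = (
    # constructed: SNMP poller tripping a rule every 60 s -> periodic noise
    [Alert(1000.0 + 60 * i, "snmp_public_community", MONITOR, VICTIM) for i in range(5)]
    # constructed: jittered scan burst, then exploit, then callback, all on VICTIM
    + [Alert(t, "port_scan", ATTACKER, VICTIM) for t in (1203.0, 1204.2, 1206.9)]
    + [Alert(1260.0, "exploit_attempt", ATTACKER, VICTIM),
       Alert(1275.0, "reverse_shell", ATTACKER, VICTIM),
       Alert(1300.0, "sqli_probe", ATTACKER, WEB)]   # constructed: no prerequisite seen
)


def run_pipeline(alerts=SAMPLE_ALERTS, window=30.0):
    """Returns (surviving alerts, meta-alerts, attack paths as signature lists)."""
    kept = screen_false_positives(alerts)
    clusters = cluster_by_similarity(kept, window)
    paths = [[c.sig for c in p] for p in reverse_causation(clusters)]
    return kept, clusters, paths
```

On the constructed input, `run_pipeline()` takes 11 raw alerts to 6 after screening, 4 meta-alerts after clustering, and 2 attack paths: the full `port_scan -> exploit_attempt -> reverse_shell` chain against the victim and a single-node `sqli_probe` path. Two caveats a practitioner would add: a periodicity filter will also mute a beaconing implant that happens to call home on a fixed schedule, so screened alerts should be down-ranked and kept rather than discarded; and a prerequisite table only reconstructs attacks whose every stage produced an alert, so an exploit with no visible preceding scan still needs to surface on its own.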