Using Alert Cluster to reduce IDS Alerts

Cited by: 0
Authors
Njogu, Humphrey Waita [1 ]
Luo Jiawei [1 ]
Affiliations
[1] Hunan Univ, Sch Comp & Commun, Changsha, Hunan, Peoples R China
Funding
National Natural Science Foundation of China;
Keywords
Alert Clustering; Supporting Evidence; Vulnerability data; Alert Reduction; Data Mining;
DOI
None available
CLC number
TP301 [Theory, Methods];
Subject classification number
081202 ;
Abstract
Intrusion Detection Systems (IDSs) are known to produce huge volumes of alerts. The interesting alerts are always mixed with irrelevant, duplicate and non-interesting alerts. Huge volumes of poorly sorted and unclustered alerts frustrate the efforts of analysts when identifying the interesting alerts. Therefore, the unmanageable amount of poorly sorted alerts is a critical issue affecting the performance of IDSs. This paper proposes a better mechanism to compute the similarities of the verified alerts using the distance among the new alert features. Our approach uses both a clustering technique and Supporting Evidence (vulnerability data) to build a robust Alert Cluster. Our goal was to reduce the unnecessary alert load and improve the quality of alerts sent to the analysts. We can confidently state that our approach significantly reduced the unnecessary alert load and improved the quality of alerts.
Pages: 467 / 471
Page count: 5