Enhancing Intrusion Detection Systems Using Intelligent False Alarm Filter-Reference-Cited by-同舟云学术

Enhancing Intrusion Detection Systems Using Intelligent False Alarm Filter

Published:2014 Issue: Volume: Page:214-236
ISSN:1948-9730
Container-title:Architectures and Protocols for Secure Information Technology Infrastructures
language:
Short-container-title:

Author:

Meng Yuxin¹,Kwok Lam-For¹

Affiliation:

1. City University of Hong Kong, China

Abstract

Intrusion Detection Systems (IDSs) have been widely implemented in various network environments as an essential component for current Information and Communications Technologies (ICT). However, false alarms are a big problem for these systems, in which a large number of IDS alarms, especially false positives, could be generated during their detection. This issue greatly decreases the effectiveness and the efficiency of an IDS and heavily increases the burden on analyzing real alarms. To mitigate this problem, in this chapter, the authors identify and analyze the reasons for causing this problem, present a survey through reviewing some related work in the aspect of false alarm reduction, and introduce a promising solution of constructing an intelligent false alarm filter to refine false alarms for an IDS.

Publisher

IGI Global

Reference60 articles.

1. Alharby, A., & Imai, H. (2005). IDS false alarm reduction using continuous and discontinuous patterns. In Proceedings of the 3rd International Conference on Applied Cryptography and Network Security (pp. 192-205). Springer-Verlag.

2. A hybrid intrusion detection system design for computer network security

3. Alserhani, F., Akhlaq, M., Awan, I. U., & Cullen, A. J. (2011). Event-based alert correlation system to detect SQLI activities. In Proceedings of the 2011 International Conference on Advanced Information Networking and Applications (pp. 175-182). IEEE Press.

4. The base-rate fallacy and the difficulty of intrusion detection