Affiliation:
1. Shanghai Ocean University
Abstract
Alert classifiers built with supervised classification techniques require large amounts of labeled training alerts. Preparing such training data is difficult and expensive, so the accuracy and feasibility of current classifiers are greatly restricted. This paper employs semi-supervised learning to build an alert classification model that reduces the number of labeled training alerts needed. Alert context properties are also introduced to improve classification performance. Experiments demonstrate the accuracy and feasibility of our approach.
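As an added illustration of the idea in the abstract (not the paper's own code or algorithm): a few labeled alerts are extended by self-training, with each alert described by its signature plus two assumed context properties derived from other alerts of the same source within a time window. The alerts, the context features, the confidence threshold and the naive Bayes learner are all assumptions made for this example.

```python
# Added example (not from the paper): self-training an IDS alert classifier
# from a few labelled alerts plus alert-context features. The context
# properties and the pseudo-labelling scheme are assumptions, not the paper's.
from collections import Counter, defaultdict
from math import prod

WINDOW = 60  # seconds; alerts from the same source inside this window form context
# Constructed sample alerts: (time, src_ip, signature, label); None = unlabelled
ALERTS = [
    (0, "10.0.0.5", "scan", "tp"), (5, "10.0.0.5", "probe", "tp"),
    (300, "10.0.0.9", "icmp", "fp"), (900, "10.0.0.7", "icmp", "fp"),
    (10, "10.0.0.5", "overflow", None), (12, "10.0.0.5", "scan", None),
    (20, "10.0.0.5", "probe", None), (1500, "10.0.0.3", "icmp", None),
    (2000, "10.0.0.4", "icmp", None), (2500, "10.0.0.6", "icmp", None),
]

def featurize(alert, alerts):
    """Signature plus context: burst size and signature diversity of the same source."""
    t, src, sig, _ = alert
    near = [a for a in alerts if a[1] == src and abs(a[0] - t) <= WINDOW]
    return {"sig": sig, "burst": "high" if len(near) > 1 else "low",
            "multisig": "yes" if len({a[2] for a in near}) > 1 else "no"}

def train_nb(examples):
    """Categorical naive Bayes with Laplace smoothing; examples = [(features, label)]."""
    prior, cond, vocab = Counter(), defaultdict(Counter), defaultdict(set)
    for feats, label in examples:
        prior[label] += 1
        for name, val in feats.items():
            cond[(label, name)][val] += 1
            vocab[name].add(val)
    return prior, cond, vocab

def predict(model, feats):
    """Return (label, posterior probability of that label)."""
    prior, cond, vocab = model
    score = {lab: prior[lab] * prod((cond[(lab, n)][v] + 1) / (prior[lab] + len(vocab[n]))
                                    for n, v in feats.items()) for lab in prior}
    best = max(score, key=score.get)
    return best, score[best] / sum(score.values())

def self_train(alerts, threshold=0.8, rounds=5):
    """Pseudo-label confident unlabelled alerts, retrain, repeat; returns (model, #labels)."""
    labelled = [(featurize(a, alerts), a[3]) for a in alerts if a[3] is not None]
    pool = [featurize(a, alerts) for a in alerts if a[3] is None]
    for _ in range(rounds):
        model = train_nb(labelled)
        scored = [(f, *predict(model, f)) for f in pool]
        confident = [(f, lab) for f, lab, p in scored if p >= threshold]
        if not confident:
            break
        labelled += confident  # pseudo-labelled alerts join the training set
        pool = [f for f in pool if f not in [c[0] for c in confident]]
    return train_nb(labelled), len(labelled)
```

With the constructed data, four labeled alerts grow to ten after one round, and the context features let the final model flag a burst of an otherwise benign-looking signature as a true positive.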
Publisher
Trans Tech Publications, Ltd.