IDS False alarm reduction using continuous and discontinuous patterns

Lecture Notes in Computer Science

Volumn 3531, Issue , 2005, Pages 192-205

  Alharby, Abdulrahman ^a   Imai, Hideki ^a  

^a INSTITUTE OF INDUSTRIAL SCIENCE   (Japan)

Author keywords

Alarm reduction; Intrusion detection; Sequential patterns

Indexed keywords

ALARM SYSTEMS; ALGORITHMS; COMPUTER NETWORKS; DATA REDUCTION;

ALARM REDUCTION; FALSE ALARMS; INTRUSION DETECTION; SEQUENTIAL PATTERNS;

SECURITY OF DATA;

EID: 26444495635     PISSN: 03029743     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1007/11496137_14     Document Type: Conference Paper

References (22)

1. The 2004 E-Crime Watch survey, available at: http://www.csoonline.com/ releases/ecrimewatch04.pdf
2. Kumar, S., Spafford E. H.: A Software Architecture to Support Misuse Intrusion Detection. In Proceedings of the 18th National Information Security Conference. (1995) 194-204
3. Forrest, S., Hofmeyr, S. A., Somayaji, A., Logstaff, T. A.: A Sense of Self for Unix process, Proceedings of 1996 IEEE Symposium on Computer Security and Privacy. (1996) 120-128
4. Ilgun, K., Kemmerer, R. A., Porras, P. A.: State Transition Analysis: A Rule-Based Intrusion Detection System. IEEE Transactions on Software Engineering, 21(3). (1995) 181-199
5. Javitz, H. S., Valdes, A.: The SRI IDES Statistical Anomaly Detector. In IEEE Symposium on Security and Privacy, Oakland, CA. SRI International. (May 1991)
6. Yihua, L., Vemuri, V. R.: Use of K-Nearest Neighbor classifier for intrusion detection. Computers & Security 21(5). (2002) 439-448
7. Bellovin, S. M.: Packets Found on an Internet. Computer Communications Review, 23(3). (1993) 26-31
8. Paxson, V., Bro,: A System for Detecting Network Intruders in Real-Time. Computer Networks, 31(23-24). (1999) 2435-2463
9. Julisch, K.: Mining Alarm Clusters to Improve Alarm Handling Efficiency. In 17th Annual Computer Security Applications Conference (ACSAC). (December 2001) 12-21
10. Yen-Liang, C., Shih-Sheng, C., Ping-Yu H.: Mining hybrid sequential patterns and sequential rules. Information Systems V 27, 5. (2002) 345-362
11. Agrawal, R., Srikant, R.: Mining sequential patterns. Proceedings of the 7th International Conference on Data Engineering, Taipei, Taiwan, IEEE Computer Society. (1995) 3-14
12. Chen, M.S., Park, J.S., Yu, P.S.: Efficient data mining for path traversal patterns, IEEE Trans Knowledge Data Eng, 10(2). (1998) 209-221
13. Han, J., Pei, j., Yin, Y.: Mining frequent patterns without candidate, in proceedings of the 2000 ACM SIGMOD International Conference on Management of Data, Dallas, Texas, ACM Press, New York. (2000) 1-12
14. DARPA Dataset: http://www.ll.mit.edu/IST/ideval/
15. Snort: http://www.snort.org/
16. Roesch, M.: Snort - lightweight intrusion detection system for networks. In: Proceedings of USENIX LISA'99. (1999)
17. Clifton, C., Gengo, G.: Developing Custom Intrusion Detection Filters Using Data Mining. In Military Communications Int'l Symposium (MILCOM2000). (October 2000)
18. Manganaris, S., Christensen, M., Zerkle, D., Hermiz, K.: A Data Mining Analysis of RTID Alarms. Computer Networks, 34(4). (October 2000) 571-577
19. Barbara, D., Couto, J., Jajodia, S., Popyack, L., Wu, N.: ADAM: Detecting Intrusions by Data Mining. In IEEE Workshop on Information Assurance and Security. (2001)
20. Lee, W., Stolfo, S. J.: A Framework for Constructing Features and Models for Intrusion Detection Systems. ACM Transactions on Information and System Security, 3(4). (2000) 227-261
21. Valdes, A., Skinner, K.: Probabilistic Alert Correlation. In 4th Workshop on Recent Advances in Intrusion Detection (RAID), LNCS, Springer Verlag. (2001) 54-68
22. Staniford, S., Hoagland, J. A., McAlerney, J. M.: Practical Automated Detection of Stealthy Portscans. In ACM Computer and Communications Security IDS Workshop. (2000) 1-7