Reduction of false positives in intrusion detection via adaptive alert classifier

Proceedings of the 2008 IEEE International Conference on Information and Automation, ICIA 2008

Volumn , Issue , 2008, Pages 1599-1602

  Tian, Zhihong ^a   Zhang, Weizhe ^a   Ye, Jianwei ^a   Yu, Xiangzhan ^a   Zhang, Hongli ^a  

^a HARBIN INSTITUTE OF TECHNOLOGY   (China)

Author keywords

[No Author keywords available]

Indexed keywords

CLASSIFIERS; COMPUTER CRIME; LEARNING SYSTEMS; MINING;

ADAPTIVE; FALSE POSITIVES; HUMAN OPERATORS; INTRUSION DETECTION SYSTEMS; PATTERN MINING METHODS; TRUE POSITIVES;

INTRUSION DETECTION;

EID: 54249114188     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICINFA.2008.4608259     Document Type: Conference Paper

References (12)

1. P. Ning, D.B. Xu, "Hypothesizing and Reasoning about Attacks Missed by Intrusion Detection Systems," ACM Transactions on Information and System Security 2004, pp. 1-34.
2. th Workshop on Recent Advances in Intrusion Detection. 2000.
3. nd Workshop of Frequent Item Set Mining Implementations, 2004, Brighton, UK.
4. A. Valdes and K. Skinner. "Probabilistic alert correlation," Lecture Notes in Computer Science, 2212:54-68, 2001.
5. P. Porras, M. Fong, A. Valdes. "A mission impact-based approach to INFOSEC alarm correlation," In fifth international workshop on the recent advances in intrusion detection. Zurich, Switzerland; October 2002.
6. B. Morin and H. Debar. "Correlation of Intrusion Symptoms: an Application of Chronicles," RAID 2003. Springer Verlag. pp. 97-112.
7. J. Klaus. "Clustering intrusion detection alarms to support root cause analysis," ACM Transactions on information and system security. New York, NY, USA. 2003:443-471.
8. R. Agrawal, T. Imielinski, and A. Swami. "Mining association rules between sets of items in large databases," In Proc. of the ACM SIGMOD Conf. on Management of Data, 1993, pp. 207-216.
9. M. Roesch, "SNORT. The Open Source Network Intrusion System," Web page at http://www.snort.org (1998-2003).
10. R. Durst, T. Champion, B. Witten, E. Miller, and L. Spagnuolo. Addendum to "Testing and Evaluating Computer Intrusion Detection Systems," CACM, 42(9):15, September 1999.
11. R. Durst, T. Champion, B. Witten, E. Miller, and L. Spagnuolo. "Testing and Evaluating Computer Intrusion Detection Systems," CACM, 42(7):53-61, July 1999
12. V. Jacobson, C. Leres, McCanne, S.: TCPDUMP public repository. Web page at http://www.tcpdump.org/(2003).