Using outlier detection to reduce false positives in intrusion detection

Proceedings - 2008 IFIP International Conference on Network and Parallel Computing, NPC 2008

Volumn , Issue , 2008, Pages 26-33

  Xiao, Fu ^a   Li, Xie ^a  

^a NANJING UNIVERSITY   (China)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER CRIME; PARALLEL PROCESSING SYSTEMS; SOFTWARE PROTOTYPING;

ATTRIBUTE VALUES; DOMAIN KNOWLEDGES; FALSE POSITIVES; FILTERING MECHANISMS; HUMAN ASSISTANCES; INTRUSION DETECTION SYSTEMS; NOVEL METHODS; OUTLIER DETECTION ALGORITHMS; OUTLIER DETECTIONS; PROTOTYPE IMPLEMENTATIONS; REAL TIMES;

INTRUSION DETECTION;

EID: 57949100384     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/NPC.2008.26     Document Type: Conference Paper

References (15)

1. K. Julisch, M. Dacier, "Mining Intrusion Detection Alarms for Actionable Knowledge", Proceedings of KDD'02, ACM Press, New York, 2002, pp. 366-375.
2. T. Pietraszek, "Using Adaptive Alert Classification to Reduce False Positives in Intrusion Detection", Proceedings of RAID'04, Springer, Heidelberg, 2004, pp. 102-124.
3. K. Julisch, "Mining Alarm Clusters to Improve Alarm Handling Efficiency", Proceedings of ACSAC'01, IEEE Press, New York, 2001, pp. 12-21.
4. K. Julisch, "Clustering Intrusion Detection Alarms to Support Root Cause Analysis", ACM Transactions on Information and System Security, 2003, 6(4), pp. 443-471.
5. C. Clifton, G. Gengo, "Developing Custom Intrusion Detection Filters Using Data Mining", Proceedings of MILCOM 2000, IEEE Press, New York, 2000, pp. 440-443.
6. A. Alharby, H. Imai, "IDS False Alarm Reduction Using Continuous and Discontinuous Patterns". Proceedings of ACNS 2005, Springer, Heidelberg, 2005, pp. 192-205.
7. S. Manganaris, M. Christensen, D. Zerkle, et al, "A Data Mining Analysis of RTID Alarms", Computer Networks, 2000, 34(4), pp. 571-577.
8. J. Viinikka, H. Debar, L. Mé, et al, "Time Series Modeling for IDS Alert Management", Proceedings of AsiaCCS'06, ACM Press, New York, 2006, pp. 102-113.
9. P. Ning, Y. Cui, D. Reeves, et al, "Tools and Techniques for Analyzing Intrusion Alerts", ACM Transactions on Information and System Security, 2004, 7(2), pages 273-318.
10. L. Ertoz, E. Eilertson, A. Lazarevic, et al, "Detection of Novel Network Attacks Using Data Mining", Proceedings of DMSEC 2003, IEEE Press, New York, 2003, pp. 1-10.
11. P. Dokas, L. Ertoz, V. Kumar, et al, "Data Mining for Network Intrusion Detection", Proceedings of NSF Workshop on Next Generation Data Mining, AAAI/MIT Press, Cambridge, 2002, pp. 21-30.
12. Z. He, X. Xu, J.Z. Huang, et al, "FP-Outlier: Frequent Pattern Based Outlier Detection", Computer Science and Information System, 2005, 2(1), pp. 103-118.
13. A. Leuski, "Evaluation Document Clustering of Interactive Information Retrieval", Proceedings of ACM CIKM'01, ACM Press, New York, 2001, pp. 33-40.
14. I.H. Witten, E Frank, Data Mining: Practical Machine Learning Tools with Java Implementations. Morgan Kaufmann, San Francisco, 2000.
15. J. McHugh, "The 1998 Lincoln Laboratory IDS Evaluation (A Critique)", Proceedings of RAID 2000, Springer, Heidelberg, 2000, pp. 145-161.