Adaptive alarm filtering by causal correlation consideration in intrusion detection

Studies in Computational Intelligence

Volumn 199, Issue , 2009, Pages 437-447

  Lin, Heng Sheng ^a   Pao, Hsing Kuo ^b   Mao, Ching Hao ^b   Lee, Hahn Ming ^c   Chen, Tsuhan ^d   Lee, Yuh Jye ^b  

^a System Development and Technical Support Department   (Taiwan)

^b NATIONAL TAIWAN UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Taiwan)

^c ACADEMIA SINICA   (Taiwan)

^d CARNEGIE MELLON UNIVERSITY   (United States)

Author keywords

Adaptive learning; Alarm filtering; Ensemble; False alarm; Intrusion detection

Indexed keywords

EID: 65449128886     PISSN: 1860949X     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-3-642-00909-9_42     Document Type: Conference Paper

References (13)

1. Alharbt, A., Imai, H.: IDS False Alarm Reduction Using Continuous and Discontinuous Patterns. In: Proc. of the 3th International conf. on Applied Cryptography and Network Security (ACNS 2005), pp. 192-205 (2005)
2. Fern, A., Givan, R.: Online ensemble learning: An empirical study. Machine Learning 53(1), 71-109 (2003)
3. Julisch, K.: Clustering Intrusion Detection Alarms to Support Root Cause Analysis. ACM Trans. on Information and System Security (TISSEC) 6(4), 443-471 (2003)
4. Kidera, T., Ozawa, S., Abe, S.: An Incremental Learning Algorithm of Ensemble Classifier Systems. In: Proc. of the International Joint Conf. on Neural Networks (IJCNN 2006), BC, Canada, pp. 3421-3427 (2006)
5. Law, K.H., Kwok, L.F.: IDS False Alarm Filtering Using KNN Classifier. In: Lim, C.H., Yung, M. (eds.) WISA 2004. LNCS, vol. 3325, pp. 114-121. Springer, Heidelberg (2005)
6. Liaw, K.-K., Wu, Y.-L.: False Alarm Filtering Using SVM and Sliding Window. In: The 3rd Joint Workshop on Information Security (JWIS 2008), Seoul, Korea (July 2008)
7. Mahoney, M.V., Chan, P.K.: An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation Data for Network Anomaly Detection. In: Vigna, G., Krügel, C., Jonsson, E. (eds.) RAID 2003. LNCS, vol. 2820, pp. 220-237. Springer, Heidelberg (2003)
8. Ning, P., Cui, Y., Reeves, D.S., Xu, D.: Techniques and tools for analyzing intrusion alerts. ACM Trans. on Information and System Security (TISSEC) 7(2), 274-318 (2004)
9. Pietraszek, T.: Using adaptive alert classification to reduce false positives in intrusion detection. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol. 3224, pp. 102-124. Springer, Heidelberg (2004)
10. Schapire, R., Freund, Y., Bartlett, P., Lee, W.S.: Boosting the margins: A new explanation for the effectiveness of voting methods. The Annals of Statistics 26(5), 1651-1686 (1998)
11. Widmer, G., Kubat, M.: Learning in the presence of concept drift and hidden contexts. Machine Learning 23(1), 69-101 (1996)
12. Valeur, F., Vigna, G., Kruegel, C., Kemmerer, R.A.: Comprehensive approach to intrusion detection alert correlation. IEEE Trans. on Dependable and Secure Computing 1(3), 146-169 (2004)
13. Zhu, B., Ghorbani, A.A.: Alert Correlation for Extracting Attack Strategies. International Journal of Network Security 3(3), 224-258 (2006)