Adaptive false alarm filter using machine learning in intrusion detection

Advances in Intelligent and Soft Computing

Volumn 124, Issue , 2011, Pages 573-584

  Meng, Yuxin ^a   Kwok, Lam For ^a  

^a CITY UNIVERSITY OF HONG KONG   (Hong Kong)

Author keywords

Adaptive system; False alarm; Intrusion detection; Machine learning

Indexed keywords

DETECTION PROCESS; EFFECTIVE SOLUTION; EVALUATION RESULTS; FALSE ALARMS; INTRUSION DETECTION SYSTEMS; MACHINE-LEARNING;

ADAPTIVE SYSTEMS; ERRORS; INTELLIGENT SYSTEMS; INTRUSION DETECTION; KNOWLEDGE ENGINEERING; LEARNING ALGORITHMS; LEARNING SYSTEMS; NETWORK SECURITY;

ALARM SYSTEMS;

EID: 84855246268     PISSN: 18675662     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-3-642-25658-5_68     Document Type: Conference Paper

References (18)

1. Paxson, V.: Bro: A System for Detecting Network Intruders in Real-Time. Computer Networks 31(23-24), 2435-2463 (1999)
2. Roesch,M.: Snort-lightweight intrusion detection for networks. In: Large Installation System Administration Conference, pp. 229-238 (1999)
3. Scarfone, K., Mell, P.: Guide to Intrusion Detection and Prevention Systems (IDPS), pp. 800-894. NIST Special Publication (2007)
4. Axelsson, S.: The base-rate fallacy and the difficulty of intrusion detection. ACM Transactions on Information and System Security, 186-205 (August 2000)
5. Hwang, K., Cai, M., Chen, Y., Qin, M.: Hybrid Intrusion Detection with Weighted Signature Generation over Anomalous Internet Episodes. IEEE Transactions on Dependable and Secure Computing, 41-55 (January 2007)
6. Snort - The Open Source Network Intrusion Detection System, http://www.snort.org/
7. McHugh, J.: Testing intrusion detection systems: a critique of the 1998 and 1999 darpa intrusion detection system evaluations as performed by lincoln laboratory. ACM Transactions on Information System Security, 262-294 (2000)
8. Lippmann, R.P., Fried, D.J., Graf, I., Haines, J.W., Kendall, K.R., McClung, D., Weber, D., Webster, S.E., Wyschogrod, D., Cunningham, R.K., Zissman, M.A.: Evaluating intrusion detection systems: the 1998 DARPA off-line intrusion detection evaluation. In: Proceedings of the DARPA Information Survivability Conference and Exposition, pp. 12-26 (2000)
9. Ptacek, T.H., Newsham, T.N.: Insertion, evation, and denial of service: Eluding network intrusion detection. Technical Report, Secure Networks (January 1998)
10. Pietraszek, T.: Using Adaptive Alert Classification to Reduce False Positives in Intrusion Detection. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol. 3224, pp. 102-124. Springer, Heidelberg (2004)
11. Manganaris, S., Christensen, M., Zerkle, D., Hermiz, K.: A data mining analysis of RTID alarms. Computer Networks, 571-577 (October 2000)
12. Law, K.H., Kwok, L.F.: IDS False Alarm Filtering Using KNN Classifier. In: Lim, C.H., Yung, M. (eds.) WISA 2004. LNCS, vol. 3325, pp. 114-121. Springer, Heidelberg (2005)
13. Davenport, M.A., Baraniuk, R.G., Scott, C.D.: Controlling false alarms with support vector machines. In: International Conference on Acoustics, Speech and Signal (ICASSP), pp. 589- 592 (May 2006)
14. Alharby, A., Imai, H.: IDS false alarmreduction using continuous and discontinuous patterns. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 192- 205. Springer, Heidelberg (2005)
15. Lee, W., Stolfo, S.J.: A framework for constructing features and models for intrusion detection systems. ACM Transactions on Information and System Security (TISSEC), 227-261 (2000)
16. WEKA - Waikato Environment for Knowledge Analysis (Open source), http://www.cs.waikato.ac.nz/ml/weka/
17. Colasoft Packet Builder, http://www.colasoft.com/packet-builder/
18. Lippmann, R., Haines, J.W., Fried, D.J., Korba, J., Das, K.: The 1999 DARPA off-line intrusion detection evaluation. Computer Networks: The International Journal of Computer and Telecommunications Networking, 579-595 (October 2000)