Data mining and machine learning - Towards reducing false positives in intrusion detection [An article from: Information Security Technical Report]
Book Details
Author(s): T. Pietraszek, A. Tanner
Publisher: Elsevier
ISBN / ASIN: B000RR4JVM
ISBN-13: 978B000RR4JV0
Availability: Available for download now
Sales Rank: 11,544,255
Marketplace: United States
Description
This digital document is a journal article from Information Security Technical Report, published by Elsevier in 2005. The article is delivered in HTML format and is available in your Amazon.com Media Library immediately after purchase. You can view it with any web browser.
Description:
Intrusion Detection Systems (IDSs) are used to monitor computer systems for signs of security violations. Having detected such signs, IDSs trigger alerts to report them. These alerts are presented to a human analyst, who evaluates them and initiates an adequate response. In practice, IDSs have been observed to trigger thousands of alerts per day, most of which are mistakenly triggered by benign events (i.e., false positives). This makes it extremely difficult for the analyst to correctly identify alerts related to attacks (i.e., true positives). In this paper, we present two orthogonal and complementary approaches to reduce the number of false positives in intrusion detection using alert postprocessing by data mining and machine learning. Moreover, these two techniques, because of their complementary nature, can be used together in an alert-management system. These concepts have been verified on a variety of data sets, and achieved a significant reduction in the number of false positives in both simulated and real environments.
