Intrusion Detection Systems Alerts Reduction
| Field | Value |
|---|---|
| Author | Hassen Sallay, Aymen Akremi, Mohsen Rouached |
| Year of publication | 2018 |
| Subject | Reduction (complexity); Computation theory & mathematics (010201); Computer science; Electrical engineering, electronic engineering, information engineering (0202); Networking & telecommunications (020206); Computer and information sciences (0102); Engineering and technology (02); Intrusion detection system; Computer security; Natural sciences (01) |
| DOI | 10.4018/978-1-5225-5583-4.ch010 |
| Description | Investigators usually search for any kind of event directly related to an investigation case, both to limit the search space and to propose new hypotheses about the suspect. Intrusion detection systems (IDS) provide relevant information to forensics experts, since they detect attacks and automatically gather several pertinent features of the network at the moment of the attack. Thus, an IDS should be very effective in terms of detection accuracy for new, unknown attack signatures, without generating a huge number of false alerts in high-speed networks. This tradeoff between keeping high detection accuracy and not generating false alerts is today a big challenge. As an effort to deal with false alert generation, the authors propose a new intrusion alert classifier, named Alert Miner (AM), to efficiently classify intrusion alerts in near real time in high-speed networks (HSN). AM uses an outlier detection technique based on an adaptively deduced association rule set to classify the alerts automatically and without human assistance. |
| Database | OpenAIRE |