A Novel and Practical Method for Network Security Situation Prediction

Author: Xiao Juan Guan, Tao Zhang, Yuan Yuan Ma, Gao Feng He
Year of publication: 2014
Subject:
Source: Applied Mechanics and Materials, pp. 907-910
ISSN: 1662-7482
Description: Real-time prediction of the network security situation can significantly improve a network's monitoring and emergency response capability. In practice, however, if a large number of predictions are false, network administrators become desensitized and eventually ignore all prediction results. In this paper, we address this issue and propose a novel False Positive Adaptive (FPA) method for network security situation prediction. The main idea of our method is to use extra information to reduce the number of false positives in prediction. In the model training step, we take advantage of host and network information to eliminate meaningless alerts produced by security tools such as an Intrusion Detection System (IDS) and firewall, thus assuring the accuracy of the training samples. In the prediction step, we use the detection information from the security tools to confirm the prediction results automatically. If the previously predicted events are not detected, they are considered false positives and the prediction model is retrained by incremental learning. In our work, the model training and incremental learning are accomplished efficiently by a neural network and a boosting algorithm.
Database: OpenAIRE