Intrusion Detection System - False Positive Alert Reduction Technique

An Intrusion Detection System (IDS) detects intrusions into a computer environment by raising alerts so that analysts can act to stop the attack. Because an IDS raises an alert for any suspicious activity, analysts are faced with thousands of alerts, and most of them are false positives: the observed behavior matches only part of an attack pattern, or the sensor lacks knowledge of the environment. The alerts carry different severities, and most do not deserve close attention, yet the real ones are buried among the large number of false alarms, so identifying the risky alerts is a major concern for the security administrator. The need to discard false alerts, or to reduce the overall volume of alerts (false and real), has led researchers to design operational models for minimizing false positive alarms, including the recurring alarms the security administrator sees again and again. In this paper we propose a method that reduces such false positive alarms.
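As an added illustration of the recurring-alarm reduction the abstract refers to, the following Python collapses repeated alerts that share a signature, source and destination within a time window into one aggregated alert with a repeat count, then keeps only the aggregated alerts at or above a severity threshold. This is example code written for this page, not the method the paper proposes; the Alert fields, the grouping key, the 60 s window, the severity cut-off and the sample alert records are all constructed assumptions.

```python
"""Recurring-alarm reduction for an IDS alert stream (added example).

Collapses repeated alerts that share a signature, source and destination
and arrive within a time window into one aggregated alert carrying a repeat
count, then keeps only aggregated alerts whose priority meets a threshold.
The Alert fields, grouping key, window and cut-off are assumptions made for
this example; the alert records below are constructed, not real sensor output.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Alert:
    ts: float       # seconds since epoch (constructed timestamps)
    sid: str        # signature name (placeholder names, not real rule ids)
    src: str        # source address
    dst: str        # destination address
    severity: int   # Snort-style priority: 1 = high, 3 = low


# Constructed sample stream: one host triggering a low-priority scan rule
# repeatedly, an informational ICMP rule, and a single high-priority hit.
SAMPLE_ALERTS: List[Alert] = [
    Alert(1000.0, "SCAN_TCP_SYN", "10.0.0.5", "10.0.0.10", 3),
    Alert(1001.0, "SCAN_TCP_SYN", "10.0.0.5", "10.0.0.10", 3),
    Alert(1002.0, "SCAN_TCP_SYN", "10.0.0.5", "10.0.0.10", 3),
    Alert(1003.0, "SCAN_TCP_SYN", "10.0.0.5", "10.0.0.10", 3),
    Alert(1004.0, "SCAN_TCP_SYN", "10.0.0.5", "10.0.0.10", 3),
    Alert(1005.0, "INFO_ICMP_ECHO", "10.0.0.7", "10.0.0.1", 3),
    Alert(1006.0, "INFO_ICMP_ECHO", "10.0.0.7", "10.0.0.1", 3),
    Alert(1050.0, "EXPLOIT_SHELLCODE", "192.168.1.20", "10.0.0.10", 1),
    Alert(1100.0, "SCAN_TCP_SYN", "10.0.0.5", "10.0.0.10", 3),  # 100 s later: new window
]

Key = Tuple[str, str, str]


def aggregate_recurring(alerts: List[Alert], window: float = 60.0) -> List[Tuple[Alert, int]]:
    """Collapse repeats of the same (sid, src, dst) seen within `window`
    seconds of the alert that opened the group. Returns (first alert,
    repeat count) pairs in time order; the count is kept so that a burst
    of low-severity alerts stays visible to the analyst."""
    groups: List[List] = []          # each entry is [first_alert, count]
    open_group: Dict[Key, int] = {}  # key -> index of the currently open group
    for a in sorted(alerts, key=lambda x: x.ts):
        key: Key = (a.sid, a.src, a.dst)
        idx = open_group.get(key)
        if idx is not None and a.ts - groups[idx][0].ts < window:
            groups[idx][1] += 1      # recurring alarm: fold into the open group
            continue
        open_group[key] = len(groups)
        groups.append([a, 1])        # first occurrence, or the window expired
    return [(a, n) for a, n in groups]


def filter_by_severity(aggregated: List[Tuple[Alert, int]], max_priority: int = 2) -> List[Tuple[Alert, int]]:
    """Keep aggregated alerts with priority <= max_priority (1 is highest)."""
    return [(a, n) for a, n in aggregated if a.severity <= max_priority]


def reduction_ratio(before: int, after: int) -> float:
    """Fraction of the original alert volume removed from the analyst queue."""
    return 0.0 if before == 0 else (before - after) / before


if __name__ == "__main__":
    agg = aggregate_recurring(SAMPLE_ALERTS)
    for a, n in agg:
        print(f"{a.ts:7.1f} {a.sid:18s} {a.src:>13s} -> {a.dst:<11s} sev={a.severity} x{n}")
    kept = filter_by_severity(agg)
    print(f"{len(SAMPLE_ALERTS)} alerts -> {len(agg)} aggregated -> {len(kept)} for review "
          f"({reduction_ratio(len(SAMPLE_ALERTS), len(kept)):.0%} reduction)")
```

On the constructed stream, nine alerts collapse to four aggregated entries and the severity cut-off leaves one for review. The caveat a practitioner should keep in mind: the five-fold scan burst is low priority and is dropped by the severity filter, so in a real deployment the repeat count should feed a second rule (for example, escalate a group once its count crosses a threshold) rather than being discarded, otherwise the reduction step itself becomes a source of false negatives.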
