SVM Based False Alarm Minimization Scheme on Intrusion Prevention System

  • Conference paper
Computational Science and Its Applications - ICCSA 2006 (ICCSA 2006)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 3984)

Abstract

Well-known network-based intrusion detection and prevention techniques, such as misuse (signature) detection, are in wide use. Because a misuse-detection-based intrusion prevention system depends entirely on its detection rules, however, it raises an excessively large number of false alarms, and since an IPS acts on every alarm, each false alarm becomes a wrong response. To address this problem, this study proposes an intrusion prevention system that combines a rule-based intrusion prevention system with an anomaly detection component built on multi-class Support Vector Machines (SVM). Compared with an existing intrusion prevention system, the proposed scheme improves performance by about 20%, minimizes false positives, and detects new variant attacks effectively.
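The abstract describes a two-stage design: a rule-based (misuse) IPS whose every alarm would otherwise trigger a response, and a multi-class SVM that re-classifies each alarm before the response is taken, so that alarms the SVM judges to be normal traffic are suppressed. The following example is added here to show that structure in runnable form; it is not the paper's code. The SVM is a linear one-vs-rest model trained with Pegasos-style sub-gradient descent, the flow features, the stand-in signature rule and all traffic samples are constructed for illustration, and nothing about the paper's own features, kernel, dataset or 20% figure is reproduced.

```python
"""Added example (not the paper's code): a multi-class SVM used as a
false-alarm filter behind a signature IPS. Pure Python, runs offline.
The SVM is a linear one-vs-rest model trained with Pegasos; features,
the signature rule and all samples below are constructed assumptions."""
import random

FEATURES = ("pkts_per_sec", "payload_entropy", "distinct_dst_ports", "syn_only_ratio")
CLASSES = {0: "normal", 1: "port_scan", 2: "payload_exploit"}


def make_samples(n_per_class, seed=7):
    """Constructed flows as (features, label) pairs; not real traffic."""
    rng = random.Random(seed)
    data = []
    for _ in range(n_per_class):
        # normal: low rate, mid entropy, few ports, completed handshakes
        data.append(([rng.uniform(1, 30), rng.uniform(2, 5), rng.uniform(1, 5), rng.uniform(0, 0.2)], 0))
        # port scan: high rate, empty payloads, many ports, SYN-only
        data.append(([rng.uniform(50, 300), rng.uniform(0, 2), rng.uniform(40, 200), rng.uniform(0.8, 1.0)], 1))
        # payload exploit: modest rate, high-entropy (packed) payload, one service
        data.append(([rng.uniform(5, 60), rng.uniform(6.5, 8), rng.uniform(1, 3), rng.uniform(0, 0.2)], 2))
    return data


class Scaler:
    """Z-score scaling fitted on the training rows; appends a bias feature."""
    def __init__(self, rows):
        n, d = len(rows), len(rows[0])
        self.mean = [sum(r[j] for r in rows) / n for j in range(d)]
        self.std = [max(1e-9, (sum((r[j] - self.mean[j]) ** 2 for r in rows) / n) ** 0.5)
                    for j in range(d)]

    def transform(self, x):
        return [(x[j] - self.mean[j]) / self.std[j] for j in range(len(x))] + [1.0]


def train_binary_svm(xs, ys, lam=0.01, epochs=60, seed=1):
    """Pegasos: stochastic sub-gradient descent on the L2-regularised hinge loss."""
    rng = random.Random(seed)
    w = [0.0] * len(xs[0])
    t = 0
    for _ in range(epochs):
        order = list(range(len(xs)))
        rng.shuffle(order)
        for i in order:
            t += 1
            eta = 1.0 / (lam * t)
            margin = ys[i] * sum(wi * xi for wi, xi in zip(w, xs[i]))
            w = [(1 - eta * lam) * wi for wi in w]          # shrink (regulariser)
            if margin < 1:                                   # hinge loss is active
                w = [wi + eta * ys[i] * xi for wi, xi in zip(w, xs[i])]
    return w


class MultiClassSVM:
    """One-vs-rest multi-class SVM: one binary model per class, argmax of scores."""
    def __init__(self, data):
        self.scaler = Scaler([x for x, _ in data])
        xs = [self.scaler.transform(x) for x, _ in data]
        self.models = {c: train_binary_svm(xs, [1.0 if y == c else -1.0 for _, y in data])
                       for c in CLASSES}

    def predict(self, x):
        z = self.scaler.transform(x)
        scores = {c: sum(wi * zi for wi, zi in zip(w, z)) for c, w in self.models.items()}
        return max(scores, key=scores.get)


def signature_rule_fires(x):
    """Stand-in for a misuse rule: crude thresholds that also hit normal flows."""
    pps, entropy, ports, syn = x
    return ports > 3 or entropy > 4.5 or syn > 0.15


def evaluate(train, test):
    """Compare the rule-only IPS with rule + SVM on held-out flows.
    Returns (rule_false_alarms, false_alarms_after_svm, attacks_suppressed_by_svm)."""
    svm = MultiClassSVM(train)
    rule_fp = filtered_fp = missed = 0
    for x, y in test:
        if not signature_rule_fires(x):
            continue                     # no alarm, nothing to block
        pred = svm.predict(x)
        if y == 0:
            rule_fp += 1                 # rule alone would have blocked a normal flow
            if pred != 0:
                filtered_fp += 1         # SVM agreed with the rule: still a false alarm
        elif pred == 0:
            missed += 1                  # SVM suppressed a real attack: cost of the filter
    return rule_fp, filtered_fp, missed


def run_demo():
    """Train on one constructed set, evaluate on another drawn with a different seed."""
    return evaluate(make_samples(60, seed=7), make_samples(40, seed=11))


if __name__ == "__main__":
    rule_fp, filtered_fp, missed = run_demo()
    print(f"rule-only false alarms: {rule_fp}, after SVM: {filtered_fp}, attacks missed: {missed}")
```

The point to watch in a deployment of this shape is the third counter: every alarm the SVM downgrades to "normal" is an attack that is no longer blocked, so the filter trades false positives for a new class of false negatives and must be measured on both.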




Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, GH., Lee, HW. (2006). SVM Based False Alarm Minimization Scheme on Intrusion Prevention System. In: Gavrilova, M.L., et al. Computational Science and Its Applications - ICCSA 2006. ICCSA 2006. Lecture Notes in Computer Science, vol 3984. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11751649_31

  • DOI: https://doi.org/10.1007/11751649_31

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-34079-9

  • Online ISBN: 978-3-540-34080-5

  • eBook Packages: Computer Science (R0)
