False Alarm Classification Model for Network-Based Intrusion Detection System

  • Conference paper
Book cover Intelligent Data Engineering and Automated Learning – IDEAL 2004 (IDEAL 2004)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 3177))

Abstract

A network-based IDS (Intrusion Detection System) gathers network packet data and classifies the traffic as attack or normal. In practice, such systems emit a large volume of low-level or incomplete alerts; these are hard to manage and are mixed with false alarms. This paper proposes a false alarm classification model that reduces the false alarm rate using the classification analysis of data mining. The model is implemented with associative classification in the domain of DDoS attacks. We evaluated the false alarm classifier, deployed in front of Snort, on the DARPA 1998 dataset and verified the reduction of the false alarm rate. Our approach is useful for reducing false alerts and improving the detection rate of network-based intrusion detection systems.
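The abstract describes the pipeline only at a high level: labelled alerts are mined for class association rules, and the resulting rule set decides which Snort alerts are false alarms. The following is an added illustration of that technique, not the authors' implementation or any part of Snort: it mines class association rules (attribute set implies label) with minimum-support and minimum-confidence thresholds, orders them CBA-style (confidence, then support, then rule length), and applies the first matching rule to each alert. The attribute names (sig, rate, srcs), the bucketing of packet rate and source spread, the thresholds, and every alert record are constructed for the example and are not taken from the paper or from the DARPA 1998 data.

```python
"""Associative-classification filter for IDS alerts (added illustration).

Hypothetical example, not the paper's code: mines class association rules
from labelled alert records and uses them to suppress alerts predicted to be
false alarms.  All alert records are constructed for the example.
"""
from collections import defaultdict
from itertools import combinations

LABEL = "label"  # ground-truth field: "attack" or "false"


def _alert(sig, rate, srcs, label):
    """Alert record: Snort signature name plus two attributes assumed to be
    bucketed by a preprocessor (packet rate, number of distinct sources)."""
    return {"sig": sig, "rate": rate, "srcs": srcs, LABEL: label}


# Constructed training set (labels are the analyst's ground truth).
TRAINING_ALERTS = [
    _alert("syn_flood", "high", "many", "attack"),
    _alert("syn_flood", "high", "many", "attack"),
    _alert("syn_flood", "high", "one", "attack"),
    _alert("syn_flood", "low", "one", "false"),
    _alert("syn_flood", "low", "one", "false"),
    _alert("icmp_flood", "high", "many", "attack"),
    _alert("icmp_flood", "low", "one", "false"),
    _alert("icmp_flood", "low", "many", "false"),
    _alert("udp_flood", "high", "many", "attack"),
    _alert("udp_flood", "low", "one", "false"),
    _alert("udp_flood", "low", "one", "false"),
    _alert("syn_flood", "high", "many", "attack"),
]

# Constructed alerts "raised by the IDS" that the classifier must filter.
TEST_ALERTS = [
    _alert("syn_flood", "high", "many", "attack"),
    _alert("syn_flood", "low", "one", "false"),
    _alert("icmp_flood", "low", "many", "false"),
    _alert("udp_flood", "medium", "one", "attack"),  # rate bucket never seen in training
]


def _items(alert):
    """Attribute/value pairs of an alert, excluding the label."""
    return frozenset((k, v) for k, v in alert.items() if k != LABEL)


def mine_rules(alerts, min_support=0.25, min_confidence=0.9, max_len=3):
    """Return class association rules as (items, label, support, confidence).

    support    = fraction of records matching items AND carrying label
    confidence = fraction of records matching items that carry label
    Candidate itemsets are enumerated exhaustively up to max_len attributes,
    which is adequate for the handful of attributes used here.
    """
    n = len(alerts)
    itemset_total = defaultdict(int)   # itemset -> records matching it
    itemset_label = defaultdict(int)   # (itemset, label) -> matching records
    for alert in alerts:
        items = sorted(_items(alert))
        for k in range(1, max_len + 1):
            for combo in combinations(items, k):
                key = frozenset(combo)
                itemset_total[key] += 1
                itemset_label[(key, alert[LABEL])] += 1
    rules = []
    for (items, label), count in itemset_label.items():
        support = count / n
        confidence = count / itemset_total[items]
        if support >= min_support and confidence >= min_confidence:
            rules.append((items, label, support, confidence))
    # CBA-style ordering: higher confidence, then higher support, then shorter rule.
    rules.sort(key=lambda r: (-r[3], -r[2], len(r[0])))
    return rules


def classify(alert, rules, default="attack"):
    """The first matching rule decides.  An alert matching no rule keeps the
    default label 'attack': an unseen pattern is surfaced, never dropped."""
    items = _items(alert)
    for rule_items, label, _, _ in rules:
        if rule_items <= items:
            return label
    return default


def filter_alerts(alerts, rules):
    """Keep only alerts the classifier does not tag as false alarms."""
    return [a for a in alerts if classify(a, rules) == "attack"]


def false_alarm_rate(alerts):
    """Fraction of raised alerts whose ground truth is a false alarm."""
    if not alerts:
        return 0.0
    return sum(a[LABEL] == "false" for a in alerts) / len(alerts)


if __name__ == "__main__":
    rules = mine_rules(TRAINING_ALERTS)
    for items, label, sup, conf in rules:
        print(sorted(items), "->", label, f"support={sup:.2f} confidence={conf:.2f}")
    kept = filter_alerts(TEST_ALERTS, rules)
    print("false alarm rate before filtering:", false_alarm_rate(TEST_ALERTS))
    print("false alarm rate after filtering: ", false_alarm_rate(kept))
```

On this data the mined rules key on the packet-rate bucket (a high rate alone predicts an attack, a low rate alone a false alarm, each with full confidence), while the source-spread attribute on its own falls below the confidence threshold and produces no rule. The default class is the one security-relevant choice in the block: a CBA classifier normally defaults to the majority class of uncovered training records, but a filter placed in front of an analyst should fail open, so an alert pattern the training data never covered (the "medium" rate bucket above) is passed through rather than suppressed.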

This work was supported by University IT Research Center, KOSEF RRC and ETRI in Korea.



© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Shin, M.S., Kim, E.H., Ryu, K.H. (2004). False Alarm Classification Model for Network-Based Intrusion Detection System. In: Yang, Z.R., Yin, H., Everson, R.M. (eds) Intelligent Data Engineering and Automated Learning – IDEAL 2004. IDEAL 2004. Lecture Notes in Computer Science, vol 3177. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-28651-6_38

  • DOI: https://doi.org/10.1007/978-3-540-28651-6_38

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22881-3

  • Online ISBN: 978-3-540-28651-6
