DOI: 10.1145/3581807.3581890

Deep Features Based IDS Alarm False Positive Elimination Algorithm

Published: 22 May 2023

Abstract

To address the large number of false alarms in the raw alarm log data of an IDS, a false alarm elimination algorithm based on deep features is proposed. The algorithm uses the features associated with real alarms to extract six kinds of deep features, which are fed into a four-layer neural network that judges whether each alarm log is genuine. Experiments show that this method quickly and effectively filters false alarms out of a large number of alarm logs.

Published In

ICCPR '22: Proceedings of the 2022 11th International Conference on Computing and Pattern Recognition
November 2022, 683 pages
ISBN: 9781450397056
DOI: 10.1145/3581807
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    ICCPR 2022

Article Metrics

• Total Citations: 0
• Total Downloads: 29
• Downloads (last 12 months): 12
• Downloads (last 6 weeks): 0

Reflects downloads up to 01 Mar 2025
