DocumentCode
2425596
Title
Reducing False Positives Based on Time Sequence Analysis
Author
Li, Dong ; Li, Zhitang ; Wang, Li
Author_Institution
Huazhong Univ. of Sci. & Technol., Wuhan
Volume
4
fYear
2007
fDate
24-27 Aug. 2007
Firstpage
67
Lastpage
71
Abstract
Various IDS devices produce a large number of alerts, the majority of which are false positives. It is laborious for security officers to find real intrusions. To find intrusions in real time, we should first remove false positives from the alerts. According to our experience of IDS alert analysis, we find that there are some regularities in alert flow occurrence: power law, trend, periodicity. Based on these statistical regularities, we can process the alert flow effectively using time sequence analysis. The results of real-world data analysis demonstrate that the method can effectively reduce massive numbers of false positives in real time.
Keywords
security of data; statistical analysis; data analysis; false positive removal; intrusion detection system; time sequence analysis; Computer worms; Data analysis; Data models; Educational institutions; Intrusion detection; Linux; Machine learning; Protection; RNA; Real time systems;
fLanguage
English
Publisher
ieee
Conference_Titel
Fuzzy Systems and Knowledge Discovery, 2007. FSKD 2007. Fourth International Conference on
Conference_Location
Haikou
Print_ISBN
978-0-7695-2874-8
Type
conf
DOI
10.1109/FSKD.2007.464
Filename
4406355