Title :
False positive reduction in intrusion detection system: A survey
Author :
Abouabdalla, Omar ; El-Taj, Homam ; Manasrah, Ahmed ; Ramadass, Sureswaran
Author_Institution :
Nat. Adv. IPv6 Centre (NAv6), Univ. Sains Malaysia, Penang, Malaysia
Abstract :
Since the first intrusion detection system was deployed, IDSs have generated thousands upon thousands of alerts, and most of these alerts are false alerts, which led researchers to look for ways to reduce the rate of alerts, or at least the false alerts among them. One idea was to create correlation methods that address the problem of dealing with the huge volume of both real alerts and false alerts. The techniques used in this area aim to help the analyst examine these alerts and distinguish between alerts generated by real attacks and alerts generated by legitimate traffic. This paper highlights the false positive reduction techniques in this area.
Keywords :
computer networks; correlation methods; security of data; correlation method; false alert; false positive reduction; intrusion detection system; Association rules; Computer networks; Correlation; Data mining; Intrusion detection; Law; Legal factors; Standards development; Telecommunication traffic; XML; Alert Correlation; Computer security; False Positive Alerts; Intrusion Detection System;
Conference_Title :
Broadband Network & Multimedia Technology, 2009. IC-BNMT '09. 2nd IEEE International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4244-4590-5
Electronic_ISBN :
978-1-4244-4591-2
DOI :
10.1109/ICBNMT.2009.5348536