Title :
Reduction of false positives in intrusion detection via adaptive alert classifier
Author :
Tian, Zhihong ; Zhang, Weizhe ; Ye, Jianwei ; Yu, Xiangzhan ; Zhang, HongLi
Author_Institution :
Res. Center of Comput. Network & Inf. Security Technol., Harbin Inst. of Technol., Harbin
Abstract :
An important problem in the field of intrusion detection is the management of alerts. Intrusion detection systems tend to overwhelm human operators with a large volume of false positives. In order to correctly identify the alerts related to attacks and reduce false positives, this paper describes a novel adaptive alert classifier based on a pattern mining method. The alert classifier supports the operators by classifying alerts into true positives and false positives, and it learns knowledge adaptively from the feedback of the operators. The experimental results show that the alert classifier is able to reduce the numerous redundant alerts and effectively reduces the analyst operators' workload.
Keywords :
data mining; learning (artificial intelligence); pattern classification; security of data; adaptive alert classifier; adaptive knowledge learning; alert management; false positive reduction; intrusion detection system; operator feedback; pattern mining; redundant alert; Automation; Computer network management; Computer networks; Conference management; Feedback; Fuses; Humans; Information security; Intrusion detection; Technology management;
Conference_Title :
Information and Automation, 2008. ICIA 2008. International Conference on
Conference_Location :
Changsha
Print_ISBN :
978-1-4244-2183-1
Electronic_ISBN :
978-1-4244-2184-8
DOI :
10.1109/ICINFA.2008.4608259