DocumentCode :
3580262
Title :
Context-aware intrusion alerts verification approach
Author :
Saad, Sherif ; Traore, Issa ; Brocardo, Marcelo Luiz
Author_Institution :
Electr. & Comput. Eng., Univ. of Victoria, Victoria, BC, Canada
fYear :
2014
Firstpage :
53
Lastpage :
59
Abstract :
Intrusion detection systems (IDSs) produce a massive number of intrusion alerts, a large share of which are false positives. Investigating false positive alerts is an expensive and time consuming process, and as such represents a significant problem for intrusion analysts. This shows the need for automated approaches to eliminate false positive alerts. In this paper, we propose a novel alert verification and false positive reduction approach. The proposed approach uses context awareness and semantic similarity to filter IDS alerts and eliminate false positives. Evaluation of the approach on an IDS dataset that contains a massive number of IDS alerts yields strong performance in detecting false positive alerts.
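The abstract does not give the paper's algorithm, so the following is an added illustration of the general idea of context-aware alert verification, not the authors' method: an alert is checked against an asset inventory (the "context"), and if the targeted host does not expose the attacked port or runs a platform the signature cannot affect, the alert is marked a likely false positive. The inventory, the alerts, and the field names are constructed for this example; the semantic similarity component of the paper is not modelled here.

```python
"""Added example: context-aware IDS alert verification against an asset
inventory.  This is an illustration of the concept, NOT the algorithm of
the paper above.  All hosts, ports and signatures are constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Asset:
    """Context record for one host (hypothetical inventory schema)."""
    ip: str
    os: str                 # platform the host runs, e.g. "linux"
    open_ports: Set[int]    # services the host actually exposes


@dataclass
class Alert:
    """Minimal IDS alert (hypothetical schema)."""
    id: int
    signature: str
    dst_ip: str
    dst_port: int
    target_os: Optional[str]   # platform the signature applies to, if known


# Constructed inventory: what the defender knows about its own hosts.
INVENTORY: Dict[str, Asset] = {
    "10.0.0.5": Asset("10.0.0.5", "linux", {22, 80, 443}),
    "10.0.0.9": Asset("10.0.0.9", "windows", {445, 3389}),
}

# Constructed alerts, chosen to exercise each verification outcome.
ALERTS: List[Alert] = [
    Alert(1, "IIS path traversal", "10.0.0.5", 80, "windows"),   # Linux host
    Alert(2, "SMB exploit attempt", "10.0.0.9", 445, "windows"),  # plausible
    Alert(3, "MySQL auth bypass", "10.0.0.5", 3306, None),        # port closed
    Alert(4, "SSH brute force", "10.0.0.42", 22, None),           # unknown host
]


def verify(alert: Alert, inventory: Dict[str, Asset]) -> Tuple[str, str]:
    """Return (verdict, reason) for one alert.

    Verdicts: "false_positive"  - context rules out a successful attack
              "relevant"        - target exposes the attacked service on a
                                  platform the signature applies to
              "unverified"      - no context available; leave for the analyst
    """
    asset = inventory.get(alert.dst_ip)
    if asset is None:
        # Missing context must never be treated as evidence of a false
        # positive; the alert stays in the queue.
        return "unverified", "target not in inventory"
    if alert.dst_port not in asset.open_ports:
        return "false_positive", f"port {alert.dst_port} not open on {alert.dst_ip}"
    if alert.target_os and alert.target_os != asset.os:
        return "false_positive", (
            f"signature targets {alert.target_os}, host runs {asset.os}")
    return "relevant", "target exposes attacked service on matching platform"


def filter_alerts(alerts: List[Alert],
                  inventory: Dict[str, Asset]) -> Dict[int, Tuple[str, str]]:
    """Verify every alert; returns {alert id: (verdict, reason)}."""
    return {a.id: verify(a, inventory) for a in alerts}


if __name__ == "__main__":
    for alert_id, (verdict, reason) in filter_alerts(ALERTS, INVENTORY).items():
        print(f"alert {alert_id}: {verdict} ({reason})")
```

The important design choice is the third verdict: an alert whose target is unknown to the inventory is left unverified rather than discarded, because stale or incomplete context is itself a common cause of missed true positives in verification pipelines.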
Keywords :
security of data; ubiquitous computing; IDS alerts; IDS dataset; alert verification; context-aware intrusion alert verification approach; false positive alert detection; false positive reduction approach; intrusion detection systems; semantic similarity; Indexes; Measurement; Ports (Computers); Semantics; Telecommunication traffic; Alert Verification; Context-Aware; False Positive; Intrusion Detection; Semantic Similarity;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Information Assurance and Security (IAS), 2014 10th International Conference on
Print_ISBN :
978-1-4799-8098-7
Type :
conf
DOI :
10.1109/ISIAS.2014.7064620
Filename :
7064620