DocumentCode :
3613150
Title :
Quantitative Criteria for Alert Correlation of Anomalies-based NIDS
Author :
Maestre Vidal, Jorge ; Sandoval Orozco, Ana Lucila ; Garcia Villalba, Luis Javier
Author_Institution :
Univ. Complutense de Madrid (UCM), Madrid, Spain
Volume :
13
Issue :
10
fYear :
2015
Firstpage :
3461
Lastpage :
3466
Abstract :
This paper presents an alert correlation system for mitigating the false positives problem in network-based intrusion detection when anomaly detection techniques are applied. The system allows the quantitative assessment of the likelihood that an alert issued because of an anomaly corresponds to a real threat. To do this, the differences between the characteristics of the model representing the habitual and legitimate network usage are taken into account, as well as the most representative features of the traffic that generated the alert. The result is a quantitative assessment of the alert's similarity to legitimate network usage, and the prioritization of the issued alerts. Experiments have demonstrated the validity of the proposal: 95.7% of the false positives were labeled as low-priority alerts, and the various real threats were properly identified.
Keywords :
security of data; alert correlation system; anomalies-based NIDS; anomalous detection techniques; false positives problem; habitual network usage; legitimate network usage; network-based intrusion detection; representative features; Correlation; Floods; Intrusion detection; Irrigation; Monitoring; Proposals; Silicon compounds; Alert Correlation; Anomalies; False Positives; IDS; Intrusion Detection System; NIDS; Network-based Intrusion Detection System;
fLanguage :
English
Journal_Title :
Latin America Transactions, IEEE (Revista IEEE America Latina)
Publisher :
ieee
ISSN :
1548-0992
Type :
jour
DOI :
10.1109/TLA.2015.7387255
Filename :
7387255
Link To Document :