• DocumentCode
    3580262
  • Title
    Context-aware intrusion alerts verification approach
  • Author
    Saad, Sherif ; Traore, Issa ; Brocardo, Marcelo Luiz
  • Author_Institution
    Electr. & Comput. Eng., Univ. of Victoria, Victoria, BC, Canada
  • fYear
    2014
  • Firstpage
    53
  • Lastpage
    59
  • Abstract
    Intrusion detection systems (IDSs) produce a massive number of intrusion alerts, a large share of which are false positives. Investigating false positive alerts is an expensive and time-consuming process and therefore a significant problem for intrusion analysts, which shows the need for automated approaches that eliminate false positives. In this paper, we propose a novel alert verification and false positive reduction approach. The proposed approach uses context awareness and semantic similarity to filter IDS alerts and eliminate false positives. Evaluation of the approach on an IDS dataset containing a massive number of alerts yields strong performance in detecting false positive alerts.
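To make the abstract's idea concrete, the following is an added illustration of context-aware alert verification, written for this record and not taken from the paper: each alert is checked against an asset inventory (host OS, open ports and the service behind each port), and alerts whose signature assumes a service or OS the target does not run are filtered as likely false positives. The inventory, the alerts and the token-overlap similarity are all constructed stand-ins for whatever the authors actually used.

```python
"""Context-aware IDS alert verification (illustration, not the paper's code).

Each alert records the host/port it targets and the service/OS its signature
assumes. The verifier compares that with an asset inventory: an exploit aimed
at a closed port, or at software the host does not run, is most likely a
false positive. similarity() is a crude token-overlap stand-in for the
semantic similarity the abstract mentions; all data below is constructed.
"""
from dataclasses import dataclass
import re

# Constructed asset inventory: what each monitored host actually exposes.
INVENTORY = {
    "10.0.0.5": {"os": "linux",
                 "ports": {22: "openssh", 80: "apache httpd", 443: "apache httpd"}},
    "10.0.0.9": {"os": "windows",
                 "ports": {80: "microsoft iis", 445: "microsoft smb"}},
}


@dataclass
class Alert:
    sig: str
    dst_ip: str
    dst_port: int
    target_service: str   # service the signature's exploit assumes is listening
    target_os: str = ""   # empty when the signature is OS-agnostic


def _tokens(s):
    return set(re.findall(r"[a-z0-9]+", s.lower()))


def similarity(a, b):
    """Jaccard overlap of word tokens of two service names (0.0 .. 1.0)."""
    ta, tb = _tokens(a), _tokens(b)
    if not ta or not tb:
        return 0.0
    return len(ta & tb) / len(ta | tb)


def verify(alert, inventory=INVENTORY, threshold=0.5):
    """Return (verdict, reason); verdict is 'true', 'false' or 'unknown'."""
    host = inventory.get(alert.dst_ip)
    if host is None:
        # No context for this host: do not discard, let an analyst see it.
        return "unknown", "target host not in inventory"
    if alert.target_os and host["os"] != alert.target_os:
        return "false", f"signature assumes {alert.target_os}, host runs {host['os']}"
    service = host["ports"].get(alert.dst_port)
    if service is None:
        return "false", f"port {alert.dst_port} not open on {alert.dst_ip}"
    score = similarity(alert.target_service, service)
    if score < threshold:
        return "false", (f"signature targets {alert.target_service!r}, "
                         f"port runs {service!r} (similarity {score:.2f})")
    return "true", f"context matches ({service!r}, similarity {score:.2f})"


def triage(alerts, inventory=INVENTORY):
    """Split alerts into those kept for an analyst and those filtered as false positives."""
    keep, drop = [], []
    for a in alerts:
        verdict, reason = verify(a, inventory)
        (drop if verdict == "false" else keep).append((a, verdict, reason))
    return keep, drop


# Constructed alerts exercising each branch of verify().
ALERTS = [
    Alert("IIS WebDAV overflow attempt", "10.0.0.5", 80, "microsoft iis", "windows"),  # Linux host
    Alert("IIS WebDAV overflow attempt", "10.0.0.9", 80, "microsoft iis", "windows"),  # consistent
    Alert("SSH brute force", "10.0.0.9", 22, "openssh"),                               # port closed
    Alert("Apache mod_cgi RCE attempt", "10.0.0.5", 80, "apache httpd"),               # consistent
    Alert("SMB login attempt", "10.0.0.77", 445, "microsoft smb"),                     # unknown host
]

if __name__ == "__main__":
    kept, dropped = triage(ALERTS)
    for a, verdict, reason in kept + dropped:
        print(f"{verdict:8} {a.sig:30} {a.dst_ip}:{a.dst_port}  {reason}")
```

Unknown hosts are deliberately kept rather than dropped: verification can only remove alerts whose context contradicts them, and a gap in the inventory is not a contradiction.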
  • Keywords
    security of data; ubiquitous computing; IDS alerts; IDS dataset; alert verification; context-aware intrusion alert verification approach; false positive alert detection; false positive reduction approach; intrusion detection systems; semantic similarity; Indexes; Measurement; Ports (Computers); Semantics; Telecommunication traffic; Alert Verification; Context-Aware; False Positive; Intrusion Detection; Semantic Similarity;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Assurance and Security (IAS), 2014 10th International Conference on
  • Print_ISBN
    978-1-4799-8098-7
  • Type
    conf
  • DOI
    10.1109/ISIAS.2014.7064620
  • Filename
    7064620