Anomaly-based network IDS false alarm filter using cluster-based alarm classification approach
Online publication date: Mon, 19-Dec-2016
by Qais Saif Qassim; Abdullah Mohd Zin; Mohd Juzaiddin Ab Aziz
International Journal of Security and Networks (IJSN), Vol. 12, No. 1, 2017
Abstract: Anomaly-based network intrusion detection systems (A-NIDS) are an important and essential defence mechanism against network attacks. However, they generate a high volume of alarms that can be mixed with false-positive alarms, which poses a major challenge for these systems. Large amounts of false alarms prevent correct detection and make an immediate response impossible for an intrusion detection system (IDS). To mitigate this issue, this paper presents a strategy for filtering these alarms to reduce the rate of false-positive alarms of A-NIDS. This paper presents a new semi-supervised alarm classification method that does not require predefined knowledge of attack signatures or security personnel feedback.