Anomaly-based network IDS false alarm filter using cluster-based alarm classification approach

Research output: Contribution to journal › Article

1 Citation (Scopus)

Abstract

Anomaly-based network intrusion detection systems (A-NIDS) are an important and essential defence mechanism against network attacks. However, they generate a high volume of alarms that can be mixed with false-positive alarms, which poses a major challenge for these systems. Large amounts of false alarms prevent correct detection and make an immediate response impossible for the intrusion detection system (IDS). To mitigate this issue, this paper presents a strategy for filtering these alarms to reduce the rate of false-positive alarms of A-NIDS. This paper presents a new semi-supervised alarm classification method that does not require predefined knowledge of attack signatures or security personnel feedback.
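The abstract only names the ingredients (alarm clustering, joint entropy, no signatures or analyst labels). The following is an added illustrative example, written for this page and not the authors' published method: alarms are clustered by source host and anomaly type, the joint entropy of the (destination IP, destination port) pair is computed per cluster, and large clusters that keep hitting the same target are flagged as repetitive, likely-benign noise while clusters spread across many targets are kept. The alarm tuple layout, the cluster key, the threshold values and the sample feed are all assumptions.

```python
"""Cluster-based false-alarm filter for A-NIDS alarms (illustrative, not the paper's algorithm)."""
from collections import Counter, defaultdict
from math import log2
from typing import Dict, List, Tuple

# Assumed alarm layout: (timestamp, src_ip, dst_ip, dst_port, anomaly_type)
Alarm = Tuple[int, str, str, int, str]
ClusterKey = Tuple[str, str]  # (src_ip, anomaly_type)

# Constructed sample feed (not from the paper):
#  - a backup host tripping the same byte-rate anomaly on one server every 5 min
#  - a monitoring host tripping a connection-rate anomaly on one SNMP port every 10 min
#  - one host sweeping many ports across several servers (scan-like, should be kept)
#  - a single one-off alarm too rare to judge
SAMPLE_ALARMS: List[Alarm] = (
    [(t, "10.0.0.5", "10.0.1.20", 445, "byte_rate") for t in range(0, 3600, 300)]
    + [(t, "10.0.0.7", "10.0.1.21", 161, "conn_rate") for t in range(0, 3600, 600)]
    + [(600 + i, "10.0.9.99", f"10.0.1.{20 + i % 6}", 1000 + i, "conn_rate") for i in range(12)]
    + [(1234, "10.0.0.8", "10.0.1.30", 22, "byte_rate")]
)


def joint_entropy(pairs: List[Tuple[str, int]]) -> float:
    """Shannon joint entropy H(X, Y) in bits of a list of (x, y) observations."""
    counts = Counter(pairs)
    n = sum(counts.values())
    return -sum(c / n * log2(c / n) for c in counts.values())


def cluster_alarms(alarms: List[Alarm]) -> Dict[ClusterKey, List[Alarm]]:
    """Group alarms by (source host, anomaly type); assumed cluster key."""
    clusters: Dict[ClusterKey, List[Alarm]] = defaultdict(list)
    for ts, src, dst, port, kind in alarms:
        clusters[(src, kind)].append((ts, src, dst, port, kind))
    return clusters


def classify_clusters(
    alarms: List[Alarm], min_size: int = 5, entropy_threshold: float = 1.0
) -> Dict[ClusterKey, Tuple[str, int, float]]:
    """Return {cluster_key: (verdict, size, joint_entropy)} without any labels.

    Heuristic (an assumption, not the paper's rule): a cluster with at least
    min_size alarms whose (dst_ip, dst_port) joint entropy is below
    entropy_threshold is a repetitive pattern against a fixed target and is
    marked 'likely_false_positive'; anything else is kept. Small clusters are
    always kept, since there is too little data to call them noise.
    """
    verdicts: Dict[ClusterKey, Tuple[str, int, float]] = {}
    for key, members in cluster_alarms(alarms).items():
        h = joint_entropy([(m[2], m[3]) for m in members])
        if len(members) >= min_size and h < entropy_threshold:
            verdicts[key] = ("likely_false_positive", len(members), h)
        else:
            verdicts[key] = ("keep", len(members), h)
    return verdicts


def filter_alarms(alarms: List[Alarm], min_size: int = 5, entropy_threshold: float = 1.0) -> List[Alarm]:
    """Drop alarms whose cluster was classified as likely false positive."""
    verdicts = classify_clusters(alarms, min_size, entropy_threshold)
    return [a for a in alarms if verdicts[(a[1], a[4])][0] == "keep"]


if __name__ == "__main__":
    for key, (verdict, size, h) in classify_clusters(SAMPLE_ALARMS).items():
        print(f"{key}: {verdict:22s} size={size:2d} H(dst_ip,dst_port)={h:.2f} bits")
    print(f"{len(SAMPLE_ALARMS)} alarms in, {len(filter_alarms(SAMPLE_ALARMS))} kept")
```

The entropy threshold is the tunable part: a port sweep from one source produces near-maximal joint entropy (every target pair distinct), so it survives, while a misconfigured backup job with an unchanging destination produces zero entropy and is suppressed. The min_size guard matters in practice: a single alarm also has zero entropy, and suppressing it on that basis alone would discard exactly the rare events an anomaly detector exists to surface.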

Original language: English
Pages (from-to): 13-26
Number of pages: 14
Journal: International Journal of Security and Networks
Volume: 12
Issue number: 1
DOI: 10.1504/IJSN.2017.081056
Publication status: Published - 2017

Fingerprint

  • Intrusion detection
  • Feedback

Keywords

  • Alarm management
  • Intrusion detection system
  • Joint entropy
  • Network security
  • Positive false alarm

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications
  • Electrical and Electronic Engineering

Cite this

@article{54c2e7e83e0c42dea42860ffcaf4ad9c,
title = "Anomaly-based network IDS false alarm filter using cluster-based alarm classification approach",
abstract = "Anomaly-based network intrusion detection systems (A-NIDS) are an important and essential defence mechanism against network attacks. However, they generate a high volume of alarms that can be mixed with false-positive alarms, which poses a major challenge for these systems. Large amounts of false alarms prevent correct detection and make an immediate response impossible for the intrusion detection system (IDS). To mitigate this issue, this paper presents a strategy for filtering these alarms to reduce the rate of false-positive alarms of A-NIDS. This paper presents a new semi-supervised alarm classification method that does not require predefined knowledge of attack signatures or security personnel feedback.",
keywords = "Alarm management, Intrusion detection system, Joint entropy, Network security, Positive false alarm",
author = "Qassim, {Qais Saif} and {Mohd. Zin}, Abdullah and {Ab Aziz}, {Mohd Juzaiddin}",
year = "2017",
doi = "10.1504/IJSN.2017.081056",
language = "English",
volume = "12",
pages = "13--26",
journal = "International Journal of Security and Networks",
issn = "1747-8405",
publisher = "Inderscience Enterprises Ltd",
number = "1",
}

TY - JOUR

T1 - Anomaly-based network IDS false alarm filter using cluster-based alarm classification approach

AU - Qassim, Qais Saif

AU - Mohd. Zin, Abdullah

AU - Ab Aziz, Mohd Juzaiddin

PY - 2017

Y1 - 2017

N2 - Anomaly-based network intrusion detection systems (A-NIDS) are an important and essential defence mechanism against network attacks. However, they generate a high volume of alarms that can be mixed with false-positive alarms, which poses a major challenge for these systems. Large amounts of false alarms prevent correct detection and make an immediate response impossible for the intrusion detection system (IDS). To mitigate this issue, this paper presents a strategy for filtering these alarms to reduce the rate of false-positive alarms of A-NIDS. This paper presents a new semi-supervised alarm classification method that does not require predefined knowledge of attack signatures or security personnel feedback.

AB - Anomaly-based network intrusion detection systems (A-NIDS) are an important and essential defence mechanism against network attacks. However, they generate a high volume of alarms that can be mixed with false-positive alarms, which poses a major challenge for these systems. Large amounts of false alarms prevent correct detection and make an immediate response impossible for the intrusion detection system (IDS). To mitigate this issue, this paper presents a strategy for filtering these alarms to reduce the rate of false-positive alarms of A-NIDS. This paper presents a new semi-supervised alarm classification method that does not require predefined knowledge of attack signatures or security personnel feedback.

KW - Alarm management

KW - Intrusion detection system

KW - Joint entropy

KW - Network security

KW - Positive false alarm

UR - http://www.scopus.com/inward/record.url?scp=85006968153&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85006968153&partnerID=8YFLogxK

U2 - 10.1504/IJSN.2017.081056

DO - 10.1504/IJSN.2017.081056

M3 - Article

AN - SCOPUS:85006968153

VL - 12

SP - 13

EP - 26

JO - International Journal of Security and Networks

JF - International Journal of Security and Networks

SN - 1747-8405

IS - 1

ER -