Strategy to reduce false alarms in intrusion detection and prevention systems

Qais Qassim, Ahmed Patel, Abdullah Mohd. Zin

Research output: Contribution to journal › Article

9 Citations (Scopus)

Abstract

Pervasive and sustained cyber attacks against information systems continue to pose a potentially devastating impact. Security of information systems and the networks that connect them is becoming more significant than ever as the number of security incidents steadily climbs. The traditional ways of protection with firewall and encryption software are no longer sufficient and effective. In this struggle to secure the data and the systems on which it is stored, an Intrusion Detection and Prevention System (IDPS) can prove to be an invaluable tool. An IDPS can also be a very useful tool for recording forensic evidence that may be used in legal proceedings. Intrusion detection and prevention systems have provided a high detection rate in detecting attack attempts. However, IDPS performance is hindered by the high false alarm rates it produces. This is a serious concern in information security because every false alarm can have a severe impact on the system, such as the disruption of information availability when the IDPS blocks traffic it suspects to be an attack attempt. The aim of this paper is to propose a strategy to reduce these false alarm rates to an acceptable level while maintaining total security against serious attacks, by implementing a fuzzy logic-risk analysis technique for analyzing the generated alarms.

Original language: English
Journal: International Arab Journal of Information Technology
Volume: 11
Issue number: 5
Publication status: Published - 2014

Fingerprint

Intrusion detection
Security of data
Information systems
Computer system firewalls
Risk analysis
Fuzzy logic
Cryptography
Availability

Keywords

  • Anomaly detection
  • Information security
  • Intrusion detection
  • Intrusion prevention
  • Risk analysis

ASJC Scopus subject areas

  • Computer Science(all)

Cite this

Strategy to reduce false alarms in intrusion detection and prevention systems. / Qassim, Qais; Patel, Ahmed; Mohd. Zin, Abdullah.

In: International Arab Journal of Information Technology, Vol. 11, No. 5, 2014.

Research output: Contribution to journal › Article

@article{2b040d76445b457fa868d212f3dc8612,
title = "Strategy to reduce false alarms in intrusion detection and prevention systems",
abstract = "Pervasive and sustained cyber attacks against information systems continue to pose a potentially devastating impact. Security of information systems and the networks that connect them is becoming increasingly significant nowadays than before as the number of security incidents steadily climbs. The traditional ways of protection with firewall and encryption software are no longer sufficient and effective. In this struggle to secure the data and the systems on which it is stored, Intrusion Detection and Prevention System (IDPS) can prove to be an invaluable tool. IDPS can also, be a very useful tool for recording forensic evidence that may be used in legal proceeding. The intrusion detection and prevention system have provided a high detection rate in detecting attack attempts. However, IDPS performance is hindered by the high false alarm rates it produces. This is a serious concern in information security because every false alarm can onset a severe impact to the system such as the disruption of information availability because of IDPS blockage in suspecting the information to be an attack attempt. The aim of this paper is to propose a strategy to reduce these false alarm rates to an acceptable level to maintain the total security against serious attacks by implementing a fuzzy logic-risk analysis technique for analyzing the generated alarms.",
keywords = "Anomaly detection, Information security, Intrusion detection, Intrusion prevention, Risk analysis",
author = "Qais Qassim and Ahmed Patel and {Mohd. Zin}, Abdullah",
year = "2014",
language = "English",
volume = "11",
journal = "International Arab Journal of Information Technology",
issn = "1683-3198",
publisher = "Zarqa University",
number = "5",

}

TY - JOUR

T1 - Strategy to reduce false alarms in intrusion detection and prevention systems

AU - Qassim, Qais

AU - Patel, Ahmed

AU - Mohd. Zin, Abdullah

PY - 2014

Y1 - 2014

N2 - Pervasive and sustained cyber attacks against information systems continue to pose a potentially devastating impact. Security of information systems and the networks that connect them is becoming increasingly significant nowadays than before as the number of security incidents steadily climbs. The traditional ways of protection with firewall and encryption software are no longer sufficient and effective. In this struggle to secure the data and the systems on which it is stored, Intrusion Detection and Prevention System (IDPS) can prove to be an invaluable tool. IDPS can also, be a very useful tool for recording forensic evidence that may be used in legal proceeding. The intrusion detection and prevention system have provided a high detection rate in detecting attack attempts. However, IDPS performance is hindered by the high false alarm rates it produces. This is a serious concern in information security because every false alarm can onset a severe impact to the system such as the disruption of information availability because of IDPS blockage in suspecting the information to be an attack attempt. The aim of this paper is to propose a strategy to reduce these false alarm rates to an acceptable level to maintain the total security against serious attacks by implementing a fuzzy logic-risk analysis technique for analyzing the generated alarms.

AB - Pervasive and sustained cyber attacks against information systems continue to pose a potentially devastating impact. Security of information systems and the networks that connect them is becoming increasingly significant nowadays than before as the number of security incidents steadily climbs. The traditional ways of protection with firewall and encryption software are no longer sufficient and effective. In this struggle to secure the data and the systems on which it is stored, Intrusion Detection and Prevention System (IDPS) can prove to be an invaluable tool. IDPS can also, be a very useful tool for recording forensic evidence that may be used in legal proceeding. The intrusion detection and prevention system have provided a high detection rate in detecting attack attempts. However, IDPS performance is hindered by the high false alarm rates it produces. This is a serious concern in information security because every false alarm can onset a severe impact to the system such as the disruption of information availability because of IDPS blockage in suspecting the information to be an attack attempt. The aim of this paper is to propose a strategy to reduce these false alarm rates to an acceptable level to maintain the total security against serious attacks by implementing a fuzzy logic-risk analysis technique for analyzing the generated alarms.

KW - Anomaly detection

KW - Information security

KW - Intrusion detection

KW - Intrusion prevention

KW - Risk analysis

UR - http://www.scopus.com/inward/record.url?scp=84903954065&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84903954065&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:84903954065

VL - 11

JO - International Arab Journal of Information Technology

JF - International Arab Journal of Information Technology

SN - 1683-3198

IS - 5

ER -