ODARM

2010 ◽  
pp. 40-56
Author(s):  
Fu Xiao ◽  
Xie Li
Keyword(s):  
Intrusion Detection ◽  
Outlier Detection ◽  
Domain Knowledge ◽  
Reduction Rate ◽  
Main Idea ◽  
False Positives ◽  
Training Data ◽  
Intrusion Detection Systems ◽  
Data Mining Technique ◽  
Detection Systems

Intrusion Detection Systems (IDSs) are widely deployed with increasing of unauthorized activities and attacks. However they often overload security managers by triggering thousands of alerts per day. And up to 99% of these alerts are false positives (i.e. alerts that are triggered incorrectly by benign events). This makes it extremely difficult for managers to correctly analyze security state and react to attacks. In this chapter the authors describe a novel system for reducing false positives in intrusion detection, which is called ODARM (an Outlier Detection-Based Alert Reduction Model). Their model based on a new data mining technique, outlier detection that needs no labeled training data, no domain knowledge and little human assistance. The main idea of their method is using frequent attribute values mined from historical alerts as the features of false positives, and then filtering false alerts by the score calculated based on these features. In order to filter alerts in real time, they also design a two-phrase framework that consists of the learning phrase and the online filtering phrase. Now they have finished the prototype implementation of our model. And through the experiments on DARPA 2000, they have proved that their model can effectively reduce false positives in IDS alerts. And on real-world dataset, their model has even higher reduction rate.

Feature Extraction Methods for Intrusion Detection Systems

2013 ◽  
pp. 1064-1092
Author(s):  
Hai Thanh Nguyen ◽  
Katrin Franke ◽  
Slobodan Petrovic
Keyword(s):  
Feature Extraction ◽  
Feature Selection ◽  
Intrusion Detection ◽  
Domain Knowledge ◽  
Intrusion Detection Systems ◽  
Feature Construction ◽  
Selection Methods ◽  
Detection Systems ◽  
Negative Effect ◽  
Managing Risk

Intrusion Detection Systems (IDSs) have become an important security tool for managing risk and an indispensable part of overall security architecture. An IDS is considered as a pattern recognition system, in which feature extraction is an important pre-processing step. The feature extraction process consists of feature construction and feature selection . The quality of the feature construction and feature selection algorithms is one of the most important factors that affects the effectiveness of an IDS. Achieving reduction of the number of relevant traffic features without negative effect on classification accuracy is a goal that largely improves the overall effectiveness of the IDS. Most of the feature construction as well as feature selection works in intrusion detection practice is still carried through manually by utilizing domain knowledge. For automatic feature construction and feature selection, the filter, wrapper, and embedded methods from machine learning are frequently applied. This chapter provides an overview of various existing feature construction and feature selection methods for intrusion detection systems. A comparison between those feature selection methods is performed in the experimental part.

Abnormal File Access Behavior Detection Based on FPD: An Unsupervised Approach

2015 ◽  
Vol 713-715 ◽  
pp. 2212-2216 ◽  
Author(s):  
Xiao Bin Wang ◽  
Yong Jun Wang ◽  
Yong Lin Sun
Keyword(s):  
Information Security ◽  
Intrusion Detection ◽  
Training Data ◽  
Intrusion Detection Systems ◽  
Behavior Detection ◽  
Detection Systems ◽  
File Access ◽  
Information File ◽  
Unsupervised Approach ◽  
Modern Information

Information security is a great challenge for organizations in our modern information world. Existing security facilities like Firewalls, Intrusion Detection Systems and Antivirus are not enough to guarantee the security of information. File is an important carrier of information, which is the intent of quite a number of attackers. In this paper, we extend the FPD-based approach for detecting abnormal file access behaviors. We propose 3 approaches to calculate FPD values in the case of lacking training data, and we apply a k-means based unsupervised approach to distinguish between normal processes and abnormal ones. Experiment demonstrate that our unsupervised approach is still effective compared to the supervised case with training data.

scholarly journals The Evolution of Vector Machine Support in the Field of Intrusion Detection Systems

2021 ◽  
Author(s):  
Ouafae Elaeraj ◽  
Cherkaoui Leghris
Keyword(s):  
Intrusion Detection ◽  
Local Area Network ◽  
Detection Efficiency ◽  
Training Data ◽  
Intrusion Detection Systems ◽  
Gaussian Kernel ◽  
Support Vector ◽  
Good Prediction ◽  
Area Network ◽  
Detection Systems

With the increase in Internet and local area network usage, malicious attacks and intrusions into computer systems are growing. The design and implementation of intrusion detection systems became extremely important to help maintain good network security. Support vector machines (SVM), a classic pattern recognition tool, has been widely used in intrusion detection. They make it possible to process very large data with great efficiency and are easy to use, and exhibit good prediction behavior. This paper presents a new SVM model enriched with a Gaussian kernel function based on the features of the training data for intrusion detection. The new model is tested with the CICIDS2017 dataset. The test proves better results in terms of detection efficiency and false alarm rate, which can give better coverage and make the detection more effective.

Reducing false positives in intrusion detection systems

2010 ◽  
Vol 29 (1) ◽  
pp. 35-44 ◽  
Author(s):  
Georgios P. Spathoulas ◽  
Sokratis K. Katsikas
Keyword(s):  
Intrusion Detection ◽  
False Positives ◽  
Intrusion Detection Systems ◽  
Detection Systems
Sign in / Sign up

Export Citation Format

Share Document