False Positive Reduction using IDS Alert Correlation Method based on the Apriori Algorithm
Authors: Homam El-Taj, Omar Abouabdalla, Ahmed Manasrah, Mohammed Anbar, Ahmed Al-Madi
Journal: International Journal of Computer Science and Information Security, 2010, Vol.8 (7), pp.151
Source database: Directory of Open Access Journals
Keywords: Intrusion Detection System; False Positive Alerts; Alert Correlation; Data Mining
Abstract (original language): Correlating Intrusion Detection System (IDS) alerts is a challenging topic in the field of network security. Correlating IDS alerts has several benefits: it reduces the huge volume of alerts that an IDS triggers, it reduces the false positive ratio, and it reveals the relations between alerts, giving a better understanding of the attacks. One family of correlation techniques is based on data mining. In this paper we develop a new IDS alert group correlation method (GCM) that operates on the alerts aggregated by the Threshold Aggregation Framework (TAF); the correlation method is built by adapting the Apriori algorithm for large data. The method is used to reduce the number of aggregated alerts and to reduce the ratio of false positive alerts.
Full text access: DOAJ (partner)
