A Design of false alarm analysis framework of intrusion detection system by using incremental mining method


KIPS Transactions on Software and Data Engineering, Vol. 13, No. 3, pp. 295-302, Mar. 2006
DOI: 10.3745/KIPSTC.2006.13.3.295

Abstract

An intrusion detection system writes a large number of alarms against attack behaviors in real time. These alarms contain not only actual attack alarms but also false alarms, which are mistakes made by the intrusion detection system. False alarms are the main reason the efficiency of the intrusion detection system is reduced, and in this paper we propose a framework for false alarm analysis. We also apply an incremental data mining method to the pattern analysis of false alarms, which increase continuously. The framework consists of a GUI, a DB Manager, an Alert Preprocessor, and a False Alarm Analyzer. We analyze the false alarms incrementally through experiments with the proposed framework and show that false alarms are reduced by applying the analyzed false alarm rules in the intrusion detection system.
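The abstract names the two moving parts of the approach, incremental mining of false-alarm patterns across batches of alerts and a rule set that is then applied to suppress alerts, but gives no algorithm. The following is an added illustration written for this page, not the paper's own code: it keeps cumulative support and false-positive counts per attribute combination so that each new batch only updates the counters (the incremental step) instead of rescanning all history, derives rules from combinations whose confidence of being a false alarm exceeds a threshold, and filters new alerts with them. The alert fields (signature, source network, destination port), the analyst verdict labels, the thresholds, the requirement that a rule always include the signature, and the pruning to minimal rules are all assumptions of this example; the sample batches are constructed.

```python
from collections import Counter
from itertools import combinations

# Constructed sample alerts (not from the paper): (signature, src_net, dst_port, verdict).
# verdict is the analyst label fed back to the analyzer: "fp" = false alarm, "tp" = real attack.
BATCH_1 = [
    ("ICMP PING NMAP", "10.0.0.0/24", 0, "fp"),
    ("ICMP PING NMAP", "10.0.0.0/24", 0, "fp"),
    ("ICMP PING NMAP", "10.0.0.0/24", 0, "fp"),
    ("WEB-MISC /etc/passwd", "203.0.113.0/24", 80, "tp"),
    ("SNMP public access", "10.0.0.0/24", 161, "fp"),
]
BATCH_2 = [
    ("ICMP PING NMAP", "10.0.0.0/24", 0, "fp"),
    ("SNMP public access", "10.0.0.0/24", 161, "fp"),
    ("SNMP public access", "10.0.0.0/24", 161, "fp"),
    ("WEB-MISC /etc/passwd", "198.51.100.0/24", 80, "tp"),
    ("ICMP PING NMAP", "203.0.113.0/24", 0, "tp"),  # same signature, real scan from outside
]

FIELDS = ("sig", "src_net", "dst_port")  # assumed alert attributes


def itemsets(alert, max_len=2):
    """All attribute/value combinations of an alert, up to max_len items (assumed design)."""
    items = tuple(zip(FIELDS, alert[:3]))
    for k in range(1, max_len + 1):
        yield from combinations(items, k)


class IncrementalFalseAlarmMiner:
    """Cumulative counters updated one batch at a time: the incremental mining step."""

    def __init__(self, min_support=3, min_confidence=0.9):
        self.min_support = min_support        # alerts an itemset must occur in
        self.min_confidence = min_confidence  # fraction of those labelled "fp"
        self.total = Counter()  # itemset -> alerts containing it
        self.false = Counter()  # itemset -> of those, labelled fp
        self.n_alerts = 0

    def update(self, batch):
        """Fold one labelled batch into the counters and return the current rule set."""
        for alert in batch:
            self.n_alerts += 1
            is_fp = alert[3] == "fp"
            for s in itemsets(alert):
                self.total[s] += 1
                if is_fp:
                    self.false[s] += 1
        return self.rules()

    def rules(self):
        """Itemsets (always including the signature) that are almost always false alarms."""
        candidates = {}
        for s, n in self.total.items():
            if n < self.min_support or not any(a == "sig" for a, _ in s):
                continue
            conf = self.false[s] / n
            if conf >= self.min_confidence:
                candidates[s] = conf
        # Keep only minimal rules: drop an itemset if a proper subset already qualifies.
        return {s: c for s, c in candidates.items()
                if not any(set(t) < set(s) for t in candidates)}


def matches(alert, rule):
    fields = dict(zip(FIELDS, alert[:3]))
    return all(fields[a] == v for a, v in rule)


def filter_alerts(alerts, rules):
    """Apply mined rules to unlabelled alerts; suppressed ones are returned, not discarded."""
    kept, suppressed = [], []
    for alert in alerts:
        (suppressed if any(matches(alert, r) for r in rules) else kept).append(alert)
    return kept, suppressed


if __name__ == "__main__":
    miner = IncrementalFalseAlarmMiner()
    for batch in (BATCH_1, BATCH_2):
        print(miner.update(batch))
```

After the first batch the only minimal rule is the signature `ICMP PING NMAP` by itself; the second batch contains a confirmed real scan with that signature from an external network, which drops the signature-only confidence below the threshold, so the rule narrows to the signature combined with the internal source network. That re-evaluation on every batch, without rescanning earlier alerts, is what the incremental approach buys. Suppressed alerts are returned rather than dropped so the rule set can be audited against what it hides.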




Cite this article
[IEEE Style]
E. H. Kim and K. H. Ryu, "A Design of false alarm analysis framework of intrusion detection system by using incremental mining method," KIPS Journal C (2001 ~ 2012), vol. 13, no. 3, pp. 295-302, 2006. DOI: 10.3745/KIPSTC.2006.13.3.295.

[ACM Style]
Eun Hee Kim and Keun Ho Ryu. 2006. A Design of false alarm analysis framework of intrusion detection system by using incremental mining method. KIPS Journal C (2001 ~ 2012), 13, 3, (2006), 295-302. DOI: 10.3745/KIPSTC.2006.13.3.295.