The Analysis of IDS Alarms based on AOI

Analysis of Intrusion Detection System Alarms Based on AOI

  • Jung, In-Chul (Dept. of Industrial and Systems Engineering, Dongguk University)
  • Kwon, Young-S. (Dept. of Industrial and Systems Engineering, Dongguk University)
  • Received : 2006-11
  • Accepted : 2007-08
  • Published : 2008-03-31

Abstract

Analyzing the tens of thousands of alarms triggered by intrusion detection systems (IDS) each day is very time-consuming and requires human administrators to stay alert at all times. Yet most of the alarms an IDS triggers prove to be false positives. If alarms could be correctly classified into the false positive and the false negative, most of the administrators' burden could be removed and the IDS managed far more efficiently. We therefore present a new approach based on attribute-oriented induction (AOI) to classify alarms into the false positive and the false negative. The experimental results show that the proposed approach performs very well.
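As an added illustration of the attribute-oriented induction the abstract refers to (example code, not the paper's own code or data): each alarm attribute is climbed through a concept hierarchy until it has few distinct values, identical generalized alarms are merged and counted, and the largest groups become the candidates an analyst reviews first. The concept hierarchies, the threshold and the sample alarms are assumptions constructed for this example.

```python
from collections import Counter

# Constructed sample alarms (not data from the paper): (signature, src_ip, dst_ip, hour).
ALARMS = [
    ("ICMP PING", "10.1.2.3", "10.0.0.1", 2),
    ("ICMP PING", "10.1.2.7", "10.0.0.2", 3),
    ("ICMP PING", "10.1.2.9", "10.0.0.3", 4),
    ("ICMP PING", "10.1.2.12", "10.0.0.4", 1),
    ("WEB-MISC ../", "203.0.113.5", "10.0.0.80", 14),
    ("WEB-MISC ../", "203.0.113.5", "10.0.0.80", 15),
    ("SQL injection", "198.51.100.8", "10.0.0.80", 22),
]

ANY = "*"  # top ("any") value of every concept hierarchy

def climb_ip(v):
    """One step up an assumed address hierarchy: a.b.c.d -> a.b.c.* -> a.b.* -> a.* -> *"""
    parts = [p for p in v.split(".") if p != ANY]
    parts.pop()
    return ".".join(parts + [ANY]) if parts else ANY

def climb_hour(v):
    """Hour of day -> assumed time-of-day bucket -> *"""
    if isinstance(v, int):
        return "night" if v < 6 else "business" if v < 18 else "evening"
    return ANY

def climb_signature(v):
    """Signature -> its category prefix (text before the first space) -> *"""
    head = v.split(" ", 1)[0]
    return ANY if head == v else head

# Column index -> one-step generalization function (assumed hierarchies).
HIERARCHIES = {0: climb_signature, 1: climb_ip, 2: climb_ip, 3: climb_hour}

def aoi(rows, hierarchies, threshold):
    """Attribute-oriented induction: generalize each attribute until it has at most
    `threshold` distinct values, then merge identical rows and count them."""
    table = [list(r) for r in rows]
    for col, climb in hierarchies.items():
        while len({r[col] for r in table}) > threshold:
            for r in table:
                if r[col] != ANY:          # ANY is already the top of the hierarchy
                    r[col] = climb(r[col])
    return Counter(tuple(r) for r in table)

def ranked_clusters(rows=ALARMS, threshold=3):
    """Generalized alarm groups, largest first; big groups are the review candidates."""
    return aoi(rows, HIERARCHIES, threshold).most_common()

if __name__ == "__main__":
    for cluster, n in ranked_clusters():
        print(f"{n:4d}  {cluster}")
```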
