
The Analysis of IDS Alarms based on AOI

Jung, In-Chul (Dept of Industrial and Systems Engineering, Dongguk University)
Kwon, Young-S. (Dept of Industrial and Systems Engineering, Dongguk University)
Publication Information
IE interfaces, vol. 21, no. 1, 2008, pp. 33-42
Abstract
Analyzing the tens of thousands of alarms that intrusion detection systems (IDS) raise each day is very time-consuming and requires human administrators to stay alert at all times. Most of the alarms an IDS raises, however, turn out to be false positives. If alarms could be correctly classified as false positives or true positives, most of the administrators' burden could be removed and the IDS managed far more efficiently. We therefore present a new approach based on attribute-oriented induction (AOI) that classifies alarms as false positives or true positives. The experimental results show that the proposed approach performs very well.
Keywords
intrusion detection system (IDS); attribute-oriented induction (AOI); data mining;
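The abstract only sketches the idea of applying attribute-oriented induction to alarm classification. The following is an added example, not code from the paper or its authors: it generalizes a small, constructed table of analyst-labelled alarms along made-up concept hierarchies (source IP to /24 to /16, destination port to service class, signature to category, hour to shift) until the table shrinks below a threshold, then uses the surviving generalized tuples as rules to label new alarms. The attribute set, hierarchies, sample alarms and the simplified "generalize the attribute with the most distinct values" selection rule are all assumptions of this example, not the paper's method.

```python
"""Attribute-oriented induction (AOI) over labelled IDS alarms (added example)."""
import ipaddress
from collections import defaultdict

# --- Concept hierarchies (constructed for this example). Each function maps a
# value one level up; returning None means the value is already fully general.
SERVICE = {80: "web", 443: "web", 8080: "web", 25: "mail", 53: "dns", 161: "snmp"}
SIG_CATEGORY = {
    "WEB-IIS cmd.exe access": "web-attack",
    "WEB-PHP remote include": "web-attack",
    "ICMP PING NMAP": "scan",
    "SNMP public access": "snmp",
}

def gen_ip(v):                      # host -> /24 -> /16 -> ANY
    if v == "ANY":
        return None
    net = ipaddress.ip_network(v, strict=False)
    if net.prefixlen == 32:
        return str(net.supernet(new_prefix=24))
    if net.prefixlen == 24:
        return str(net.supernet(new_prefix=16))
    return "ANY"

def gen_port(v):                    # port -> service class -> ANY
    if v == "ANY":
        return None
    return SERVICE.get(v, "other") if isinstance(v, int) else "ANY"

def gen_sig(v):                     # signature -> category -> ANY
    if v == "ANY":
        return None
    return SIG_CATEGORY.get(v, "ANY")

def gen_hour(v):                    # hour of day -> shift -> ANY
    if v == "ANY":
        return None
    if isinstance(v, int):
        return "business" if 8 <= v < 18 else "off-hours"
    return "ANY"

GENERALIZE = [gen_ip, gen_port, gen_sig, gen_hour]

# Constructed alarms: (src_ip, dst_port, signature, hour, analyst_says_false_positive)
ALARMS = [
    ("10.1.5.7", 0, "ICMP PING NMAP", 9, True),        # internal monitoring host
    ("10.1.5.7", 0, "ICMP PING NMAP", 10, True),
    ("10.1.5.8", 0, "ICMP PING NMAP", 11, True),
    ("10.1.5.8", 0, "ICMP PING NMAP", 14, True),
    ("10.1.5.7", 161, "SNMP public access", 9, True),  # NMS polling, benign
    ("10.1.5.8", 161, "SNMP public access", 13, True),
    ("10.1.5.9", 161, "SNMP public access", 16, True),
    ("203.0.113.4", 80, "WEB-IIS cmd.exe access", 2, False),   # real attacks
    ("203.0.113.9", 80, "WEB-IIS cmd.exe access", 3, False),
    ("198.51.100.2", 80, "WEB-PHP remote include", 23, False),
    ("198.51.100.5", 8080, "WEB-PHP remote include", 1, False),
]

def aoi(alarms, threshold):
    """Generalize until at most `threshold` distinct tuples remain.

    Returns {generalized_tuple: [false_positive_count, true_positive_count]}.
    At each step the attribute with the most distinct values that can still be
    generalized is climbed one level; duplicates are merged and counts summed.
    """
    table = defaultdict(lambda: [0, 0])
    for *vals, is_fp in alarms:
        table[tuple(vals)][0 if is_fp else 1] += 1
    while len(table) > threshold:
        best, best_n = None, 0
        for i, g in enumerate(GENERALIZE):
            distinct = {t[i] for t in table}
            if len(distinct) > best_n and any(g(v) is not None for v in distinct):
                best, best_n = i, len(distinct)
        if best is None:            # everything is already ANY; cannot shrink further
            break
        merged = defaultdict(lambda: [0, 0])
        for t, (fp, tp) in table.items():
            up = GENERALIZE[best](t[best])
            t2 = t if up is None else t[:best] + (up,) + t[best + 1:]
            merged[t2][0] += fp
            merged[t2][1] += tp
        table = merged
    return dict(table)

def covers(rule_val, val, g):
    """True if rule_val equals val or any of its ancestors in the hierarchy."""
    while val is not None:
        if val == rule_val:
            return True
        val = g(val)
    return False

def classify(table, alarm):
    """Label a new (src, port, sig, hour) by the best-supported covering rule.

    Returns (label, rule, fp_count, tp_count), or None when no generalized
    tuple covers the alarm, in which case it should go to an analyst rather
    than be silently dropped.
    """
    matches = [(fp + tp, rule, fp, tp) for rule, (fp, tp) in table.items()
               if all(covers(r, v, g) for r, v, g in zip(rule, alarm, GENERALIZE))]
    if not matches:
        return None
    _, rule, fp, tp = max(matches, key=lambda m: m[0])
    return ("false positive" if fp > tp else "true positive", rule, fp, tp)

if __name__ == "__main__":
    rules = aoi(ALARMS, threshold=4)
    for rule, counts in rules.items():
        print(rule, counts)
    print(classify(rules, ("10.1.5.12", 0, "ICMP PING NMAP", 15)))
    print(classify(rules, ("203.0.113.77", 443, "WEB-IIS cmd.exe access", 12)))
```

With threshold 4 the eleven alarms collapse to four generalized tuples: the monitoring subnet's NMAP pings and SNMP polls during business hours (all false positives) and the two external /24s' web attacks off-hours (all true positives). A new NMAP ping from the same subnet is labelled a false positive by the first rule; a cmd.exe alarm from the attacker subnet at noon matches no rule, because the only rule for that signature is restricted to off-hours, so it is returned as uncovered. That last case is the caveat for any such scheme: a rule set mined from history can only suppress what it has generalized over, and alarms outside the learned rules must still reach a human.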
References
1 Clifton, C. and Gengo, G. (2000), Developing Custom Intrusion Detection Filters Using Data Mining, Proceedings of MILCOM 2000, 440-443
2 Korea Information Security Agency (2003), 2003 Information Security Industry Survey, Report, 2003-12
3 Han, J. and Kamber, M. (2001), Data Mining: Concepts and Techniques, Morgan Kaufmann
4 Magbag, S. D. (2004), A Survey of Misuse Intrusion Detection, Seminar abstract, UPLB-ICS web page (http://www.ics.uplb.edu.ph/node/143)
5 Sherif, J. S. (2002), Intrusion Detection: Systems and Models, Proceedings of the 7th IEEE International Workshop, 115-133
6 Erbacher, R. F., Walker, K. L. and Frincke, D. A. (2002), Intrusion and Misuse Detection in Large-Scale Systems, IEEE Computer Graphics and Applications, 38-48
7 Ellis, J., Hayes, E., Marella, J. and Willke, B. (2002), State of the Practice of Intrusion Detection Technologies, Technical Report, SEI, Carnegie Mellon University
8 Han, J., Cai, Y. and Cercone, N. (1992), Knowledge Discovery in Databases: An Attribute-Oriented Approach, Proceedings of the 18th International Conference on Very Large Data Bases, 547-559
9 Julisch, K. and Dacier, M. (2002), Mining Intrusion Detection Alarms for Actionable Knowledge, Proceedings of the 8th ACM SIGKDD, 366-375
10 Korea Information Security Agency (2004), Hacking/Virus Statistics and Analysis, Report, 2004-12
11 Ministry of Information and Communication, Republic of Korea (2005), Diving in IT 2005 Numerically, Report, 2005-12
12 Julisch, K. (2001), Mining Alarm Clusters to Improve Alarm Handling Efficiency, Proceedings of the 17th Annual Computer Security Applications Conference, 12-21
13 Han, J. and Fu, Y. (1996), Exploration of the Power of Attribute-Oriented Induction in Data Mining, Advances in Knowledge Discovery and Data Mining
14 Bloedorn, E. (2000), Data Mining for Improving Intrusion Detection, MITRE
15 Korea Information Security Agency (2001), Intrusion Detection System Estimate Standard, Report, 2001-12
16 Cuppens, F. (2001), Managing Alerts in a Multi-Intrusion Detection Environment, Proceedings of the 17th ACSAC 2001
17 Julisch, K. (2000), Dealing with False Positives in Intrusion Detection, Extended abstract, 3rd Workshop on Recent Advances in Intrusion Detection (RAID) (http://www.raid-symposium.org/raid2000/program.html)
18 Berry, M. J. A. and Linoff, G. (1999), Mastering Data Mining, John Wiley & Sons
19 Julisch, K. (2002), Clustering Intrusion Detection Alarms to Support Root Cause Analysis, ACM, 2(3), 111-138