Proposing a new model to improve alert detection in intrusion detection systems

International Journal of Computer Networks and Communications Security, Vol. 5, No. 4, April 2017, pp. 76–82. E-ISSN 2308-9830 (Online) / ISSN 2410-0595 (Print).

Behrooz Shahi Sheykhahmadloo (1) and Samira Mehrnoosh (2)
(1) Master of Software Engineering, Department of Computer Engineering, University of Isfahan, Isfahan, Iran
(2) Master of Software Engineering, Department of Computer Engineering, University of Shiraz, Shiraz, Iran
(1) sheykhahmadloobehrooz@

ABSTRACT

Using intrusion detection systems (IDS) is essential in today's systems to detect cyber attacks. An IDS identifies undesirable behaviors by collecting information from the systems under its surveillance and reports them to the network analyst as alerts. A summary view of the network's security status is obtained by clustering and labeling these alerts. Detection and the quality of alerts are the two primary challenges of such systems. The number of IDS alerts is so large that the network analyst cannot review all of them. In this article, a method is presented that reduces this shortcoming by semantically expanding the alerts' information. We show that semantic expansion of the alerts' information, based on background knowledge and applied before the clustering step, leads to much better clustering. The DARPA dataset is used to evaluate the proposed method. The alert detection rate is more than 96%, which is better than similar approaches.

Keywords: Semantic Expansion of Alerts, Clustering Alerts, Intrusion Detection Systems.

1 INTRODUCTION

Due to the widespread use of the Internet, internet attacks and unauthorized intrusions have grown substantially in recent years. Intrusion detection systems have been introduced to identify and reduce unauthorized intrusions. These systems identify undesirable behaviors by investigating network traffic and system status. Then, give .
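As an added illustration of the abstract's argument (not code from the paper, which does not state its background knowledge or clustering algorithm), the Python below clusters a handful of constructed alerts once on their raw fields and once after expanding them with hypothetical background knowledge: source zone, destination host role, service family and signature category. The alerts, the knowledge tables and the exact-match grouping rule are all assumptions made for the demonstration.

```python
# Added example: semantic expansion of IDS alerts before clustering.
# Everything below (alerts, background knowledge, grouping rule) is constructed.
from collections import defaultdict

# Constructed sample alerts in a Snort-like shape (not DARPA data).
ALERTS = [
    {"id": 1, "sig": "WEB-ATTACKS /etc/passwd access", "src": "10.0.5.11", "dst": "192.168.1.10", "dport": 80},
    {"id": 2, "sig": "WEB-PHP remote file include",    "src": "10.0.5.12", "dst": "192.168.1.10", "dport": 8080},
    {"id": 3, "sig": "SQL injection attempt",          "src": "10.0.5.13", "dst": "192.168.1.11", "dport": 443},
    {"id": 4, "sig": "SMTP VRFY root",                 "src": "10.0.7.2",  "dst": "192.168.1.20", "dport": 25},
    {"id": 5, "sig": "SMTP EXPN command",              "src": "10.0.7.3",  "dst": "192.168.1.20", "dport": 25},
]

# Constructed background knowledge: what the analyst knows about the network.
HOST_ROLE = {"192.168.1.10": "web-server", "192.168.1.11": "web-server", "192.168.1.20": "mail-server"}
SUBNET_ZONE = {"10.0.5.": "contractor-vlan", "10.0.7.": "guest-wifi"}
SERVICE_FAMILY = {80: "web", 8080: "web", 443: "web", 25: "smtp"}
SIG_CATEGORY = {"WEB-ATTACKS": "web-app", "WEB-PHP": "web-app", "SQL": "web-app", "SMTP": "mail-recon"}


def expand(alert):
    """Return a copy of the alert enriched with attributes derived from background knowledge."""
    src_zone = next((z for prefix, z in SUBNET_ZONE.items() if alert["src"].startswith(prefix)), "unknown-zone")
    category = next((c for key, c in SIG_CATEGORY.items() if alert["sig"].startswith(key)), "other")
    return {**alert,
            "src_zone": src_zone,
            "dst_role": HOST_ROLE.get(alert["dst"], "unknown-host"),
            "service": SERVICE_FAMILY.get(alert["dport"], "other"),
            "category": category}


def cluster(alerts, key_fields):
    """Group alerts whose values on key_fields are identical; returns {key_tuple: [alert ids]}."""
    groups = defaultdict(list)
    for alert in alerts:
        groups[tuple(alert[f] for f in key_fields)].append(alert["id"])
    return dict(groups)


def raw_clusters():
    """Clustering on raw header fields: every alert lands in its own cluster."""
    return cluster(ALERTS, ("src", "dst", "dport"))


def expanded_clusters():
    """Clustering after semantic expansion: two clusters, one per attack campaign."""
    return cluster([expand(a) for a in ALERTS], ("src_zone", "dst_role", "service", "category"))


if __name__ == "__main__":
    print("raw:", raw_clusters())            # 5 singleton clusters
    print("expanded:", expanded_clusters())  # {(... web ...): [1, 2, 3], (... smtp ...): [4, 5]}
```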
