TY - GEN
T1 - Intelligent alarm filter using knowledge-based alert verification in network intrusion detection
AU - Meng, Yuxin
AU - Li, Wenjuan
AU - Kwok, Lam For
PY - 2012
Y1 - 2012
N2 - Network intrusions have become a big challenge to current network environments. Thus, network intrusion detection systems (NIDSs) are being widely deployed in various networks aiming to detect different kinds of network attacks (e.g., Trojans, worms). However, in real settings, a large number of alarms can be generated during the detection procedure, which greatly decreases the effectiveness of these intrusion detection systems. To mitigate this problem, we advocate that constructing an alarm filter is a promising solution. In this paper, we design and develop an intelligent alarm filter to help filter out NIDS alarms by means of knowledge-based alert verification. In particular, our proposed method of knowledge-based alert verification employs a rating mechanism based on expert knowledge to classify incoming NIDS alarms. We implemented and evaluated this intelligent knowledge-based alarm filter in a network environment. The experimental results show that the developed alarm filter can accurately filter out a number of NIDS alarms and achieve a better outcome.
AB - Network intrusions have become a big challenge to current network environments. Thus, network intrusion detection systems (NIDSs) are being widely deployed in various networks aiming to detect different kinds of network attacks (e.g., Trojans, worms). However, in real settings, a large number of alarms can be generated during the detection procedure, which greatly decreases the effectiveness of these intrusion detection systems. To mitigate this problem, we advocate that constructing an alarm filter is a promising solution. In this paper, we design and develop an intelligent alarm filter to help filter out NIDS alarms by means of knowledge-based alert verification. In particular, our proposed method of knowledge-based alert verification employs a rating mechanism based on expert knowledge to classify incoming NIDS alarms. We implemented and evaluated this intelligent knowledge-based alarm filter in a network environment. The experimental results show that the developed alarm filter can accurately filter out a number of NIDS alarms and achieve a better outcome.
KW - Alarm Filtration
KW - Alert Verification
KW - Intelligent System
KW - Knowledge Representation and Integration
KW - Network Intrusion Detection
UR - http://www.scopus.com/inward/record.url?scp=84870880847&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-34624-8_14
DO - 10.1007/978-3-642-34624-8_14
M3 - Conference article published in proceeding or book
AN - SCOPUS:84870880847
SN - 9783642346231
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 115
EP - 124
BT - Foundations of Intelligent Systems - 20th International Symposium, ISMIS 2012, Proceedings
T2 - 20th International Symposium on Methodologies for Intelligent Systems, ISMIS 2012
Y2 - 4 December 2012 through 7 December 2012
ER -