Intelligent alarm filter using knowledge-based alert verification in network intrusion detection

Yuxin Meng, Wenjuan Li, Lam For Kwok

Research output: Chapter in book / Conference proceeding; Conference article published in proceeding or book; Academic research; peer-review

15 Citations (Scopus)

Abstract

Network intrusions have become a major challenge in current network environments. Thus, network intrusion detection systems (NIDSs) are being widely deployed in various networks with the aim of detecting different kinds of network attacks (e.g., Trojans, worms). However, in real settings, a large number of alarms can be generated during the detection procedure, which greatly decreases the effectiveness of these intrusion detection systems. To mitigate this problem, we advocate that constructing an alarm filter is a promising solution. In this paper, we design and develop an intelligent alarm filter that helps filter out NIDS alarms by means of knowledge-based alert verification. In particular, our proposed method of knowledge-based alert verification employs a rating mechanism based on expert knowledge to classify incoming NIDS alarms. We implemented and evaluated this intelligent knowledge-based alarm filter in a network environment. The experimental results show that the developed alarm filter can accurately filter out a number of NIDS alarms and achieve a better outcome.

Original language: English
Title of host publication: Foundations of Intelligent Systems - 20th International Symposium, ISMIS 2012, Proceedings
Pages: 115-124
Number of pages: 10
DOIs
Publication status: Published - 2012
Externally published: Yes
Event: 20th International Symposium on Methodologies for Intelligent Systems, ISMIS 2012 - Macau, China
Duration: 4 Dec 2012 to 7 Dec 2012

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 7661 LNAI
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 20th International Symposium on Methodologies for Intelligent Systems, ISMIS 2012
Country/Territory: China
City: Macau
Period: 4/12/12 to 7/12/12

Keywords

  • Alarm Filtration
  • Alert Verification
  • Intelligent System
  • Knowledge Representation and Integration
  • Network Intrusion Detection

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science
