Conference Chairman

P. Arató
DOI: 10.1109/lumenv.2018.8521067 (https://doi.org/10.1109/lumenv.2018.8521067)
Published in: 2018 VII. Lighting Conference of the Visegrad Countries (Lumen V4), 2018-09-01
Citations: 1

Abstract

The security of computer networks is a prime concern today. Different devices and methods have been developed to offer different kinds of protection (firewalls, IDSs, antiviruses, etc.). By centrally storing and processing the signals of these devices, it is possible to detect more cheats and attacks than by simply analyzing the logs independently. To be able to discover every attack, we have to set the sensitivity of the security devices to a high level. The most difficult and still unsolved problem in this case is that vast numbers of alarm messages are generated and most of them do not indicate a real attack. In this paper we show how we can use data mining to discover the patterns that frequently cause false alarms. We present the ABAMSEP algorithm, which discovers frequent alert-ended episodes.