Title: Concurrent reduction of false positives and redundant alerts
Author: J. Nehinbe
DOI: 10.1109/I-SOCIETY16502.2010.6018721 (https://doi.org/10.1109/I-SOCIETY16502.2010.6018721)
Venue: 2010 International Conference on Information Society
Publication type: Journal Article
Published: 2010-06-28
Open access: no
Citations: 5
Abstract
The concurrent reduction of true and false positives in Intrusion Detection Systems is an exploitable avenue for attacks to succeed, for a number of reasons. Firstly, intrusion detectors can generate numerous false positives concurrently with true positives. Secondly, intrusion aggregation models that are designed to reduce the alert workload reduce clusters of true and false positives at the same rate, because the reduction of alert redundancies is not separated from that of false positives. Consequently, the rate of computer attacks keeps growing despite the inclusion of network detectors on the networks. Therefore, this paper presents a model to investigate these problems. The model consists of two cooperative components of clustering rules that respectively eliminate redundancies and false positives. Evaluations with a series of synthetic and realistic datasets have demonstrated how network analysts could significantly reduce false positives and redundancies in realistic networks and how to promptly thwart ongoing attacks.