{"title":"基于行为的入侵检测系统中减少错误警报的聚类方法","authors":"Tayeb Kenaza, Abdelhalim Zaidi","doi":"10.1109/ICMWI.2010.5648171","DOIUrl":null,"url":null,"abstract":"Behavioral intrusion detection systems are known by their high false alerts rates. In this paper, we propose to combine a behavioral intrusion detection approach with a clustering approach in order to obtain a set of clusters with different false alerts rates. The order of these clusters with respect to their false alerts rates will be considered as an alerts prioritization. Hence, new alerts will be classified to the closest cluster and processed according to their cluster priority. Experimental results, using a simulated IDS, show that our approach is able to reduce the false alerts rate produced by behavioral intrusion detection systems.","PeriodicalId":404577,"journal":{"name":"2010 International Conference on Machine and Web Intelligence","volume":"34 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-11-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Clustering approach for false alerts reducing in behavioral based intrusion detection systems\",\"authors\":\"Tayeb Kenaza, Abdelhalim Zaidi\",\"doi\":\"10.1109/ICMWI.2010.5648171\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Behavioral intrusion detection systems are known by their high false alerts rates. In this paper, we propose to combine a behavioral intrusion detection approach with a clustering approach in order to obtain a set of clusters with different false alerts rates. The order of these clusters with respect to their false alerts rates will be considered as an alerts prioritization. Hence, new alerts will be classified to the closest cluster and processed according to their cluster priority. Experimental results, using a simulated IDS, show that our approach is able to reduce the false alerts rate produced by behavioral intrusion detection systems.\",\"PeriodicalId\":404577,\"journal\":{\"name\":\"2010 International Conference on Machine and Web Intelligence\",\"volume\":\"34 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-11-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 International Conference on Machine and Web Intelligence\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICMWI.2010.5648171\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 International Conference on Machine and Web Intelligence","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICMWI.2010.5648171","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Clustering approach for false alerts reducing in behavioral based intrusion detection systems
Behavioral intrusion detection systems are known by their high false alerts rates. In this paper, we propose to combine a behavioral intrusion detection approach with a clustering approach in order to obtain a set of clusters with different false alerts rates. The order of these clusters with respect to their false alerts rates will be considered as an alerts prioritization. Hence, new alerts will be classified to the closest cluster and processed according to their cluster priority. Experimental results, using a simulated IDS, show that our approach is able to reduce the false alerts rate produced by behavioral intrusion detection systems.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
