A framework for the application of association rule mining in large intrusion detection infrastructures


Abstract

The high number of false positive alarms that are generated in large intrusion detection infrastructures makes it difficult for operations staff to separate false alerts from real attacks. One means of reducing this problem is the use of meta alarms, or rules, which identify known attack patterns in alarm streams. The obvious risk with this approach is that the rule base may not be complete with respect to every true attack profile, especially those which are new. Currently, new rules are discovered manually, a process which is both costly and error prone. We present a novel approach using association rule mining to shorten the time that elapses from the appearance of a new attack profile in the data to its definition as a rule in the production monitoring infrastructure. © Springer-Verlag Berlin Heidelberg 2006.

Citation (APA)

Treinen, J. J., & Thurimella, R. (2006). A framework for the application of association rule mining in large intrusion detection infrastructures. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4219 LNCS, pp. 1–18). Springer Verlag. https://doi.org/10.1007/11856214_1
