False alarm classification model for network-based intrusion detection system


Abstract

A network-based IDS (Intrusion Detection System) gathers network packet data and classifies it as attack or normal. But such systems often output a large amount of low-level or incomplete alert information. Such alerts can be unmanageable and can also be mixed with false alerts. In this paper we propose a false alarm classification model to reduce the false alarm rate using classification analysis from data mining techniques. The model was implemented based on associative classification in the domain of DDoS attacks. We evaluated the false alarm classifier deployed in front of Snort with the DARPA 1998 dataset and verified the reduction of the false alarm rate. Our approach is useful for reducing false alerts and improving the detection rate of network-based intrusion detection systems. © Springer-Verlag Berlin Heidelberg 2004.

Cite

Shin, M. S., Kim, E. H., & Ryu, K. H. (2004). False alarm classification model for network-based intrusion detection system. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 3177, 259–265. https://doi.org/10.1007/978-3-540-28651-6_38
