A network-based intrusion detection system (IDS) gathers network packet data and classifies it as attack or normal traffic. However, such systems often output a large amount of low-level or incomplete alert information. These alerts can be unmanageable and are often mixed with false alerts. In this paper we propose a false alarm classification model that reduces the false alarm rate using classification analysis, a data mining technique. The model was implemented using associative classification in the domain of DDoS attacks. We evaluated the false alarm classifier, deployed in front of Snort, with the DARPA 1998 dataset and verified the reduction in the false alarm rate. Our approach is useful for reducing false alerts and improving the detection rate of network-based intrusion detection systems. © Springer-Verlag Berlin Heidelberg 2004.
CITATION STYLE
Shin, M. S., Kim, E. H., & Ryu, K. H. (2004). False alarm classification model for network-based intrusion detection system. Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 3177, 259–265. https://doi.org/10.1007/978-3-540-28651-6_38