Reduction of False Positives in Intrusion Detection via Adaptive Alert Classifier
An important problem in the field of intrusion detection is the management of alerts. Intrusion detection systems tend to overwhelm human operators with a large volume of false positives. In order to correctly identify the alerts related to attacks and reduce false positives, this paper describes a novel adaptive alert classifier based on a pattern mining method. The alert classifier supports the operators by classifying alerts into true positives and false positives, and it learns knowledge adaptively from the operators' feedback. The experimental results show that the alert classifier is able to reduce the numerous redundant alerts and effectively reduces the analyst operators' workload.
Zhihong Tian, Weizhe Zhang, Jianwei Ye, Xiangzhan Yu, Hongli Zhang
Research Center of Computer Network and Information Security Technology, Harbin Institute of Technology, Harbin, Heilongjiang Province, China
International conference
2008 IEEE International Conference on Information and Automation (IEEE International Conference on Information and Automation)
Zhangjiajie
English
1599-1602
2008-06-20 (date first posted on the Wanfang platform; this is not the publication date of the paper)