Conference topic

FALSE POSITIVE REDUCTION IN INTRUSION DETECTION SYSTEM: A SURVEY

Since the first intrusion detection system and up to this moment, all IDSs have generated thousands and thousands of alerts, and most of these alerts are false alerts, which led researchers to develop ideas to reduce the rate of alerts, or at least of the false alerts among them. One of the ideas was to create correlation methods that address the problem of dealing with the huge number of both real and false alerts. The techniques used in this area aim to help the analyst party analyze these alerts and distinguish between alerts generated by real attacks and those generated by legal traffic. This paper highlights the false positive reduction techniques surrounding this area.

Computer security; Intrusion Detection System; False Positive Alerts; Alert Correlation

Omar Abouabdalla, Homam El-Taj, Ahmed Manasrah, Sureswaran Ramadass

Universiti Sains Malaysia, National Advanced IPv6 Centre (NAv6)

International conference

2009 2nd IEEE International Conference on Broadband Network & Multimedia Technology (2009 International Conference on Broadband Network and Multimedia, IEEE IC-BNMT2009)

Beijing

English

463-466

2009-10-18 (date first posted online on the Wanfang platform; does not represent the paper's publication date)