IDS Alert Classification Model Construction Using Decision Support Techniques
Although many IDSs have been proposed to help administrators detect intrusions, the volume of false alarms remains huge and makes analysis difficult. For this reason, we propose a decision support system for constructing an alert classification model, which consists of three phases: alert preprocessing, model constructing and rule refining. Experimental results show that the proposed method discovers intrusion patterns quickly and precisely, and noticeably lightens the load of on-line alert analysis for experts.
IDS; false alert; Decision Support System
Yan Zhang, Shuguang Huang, Yongyi Wang
Dept. of Network Engineering, Electronic Engineering Institute, Hefei, China 230037
International conference
Hangzhou
English
301-305
2012-03-23 (date first posted online on the Wanfang platform; does not represent the paper's publication date)