Neminath Hubballi scite author profile

A network based Intrusion Detection System (IDS) gathers and analyzes network packets and report possible low level security violations to a system administrator. In a large network setup, these low level and partial reports become unmanageable to the administrator resulting in some unattended events. Further it is known that state of the art IDS generate many false alarms. There are techniques proposed in IDS literature to minimize false alarms, many of which are widely used in practice in commercial Security Information and Event Management (SIEM) tools. In this paper, we review existing false alarm minimization techniques in signature-based Network Intrusion Detection System (NIDS). We give a taxonomy of false alarm minimization techniques in signature-based IDS and present the pros and cons of each class. We also study few of the prominent commercial SIEM tools which have implemented these techniques along with their performance. Finally, we conclude with some directions to the future research.

show abstract

Slow rate denial of service attacks against HTTP/2 and detection

Tripathi

Hubballi

2018

Computers & Security

View full text Add to dashboard Cite

OCPAD: One class Naive Bayes classifier for payload based anomaly detection

Swarnkar

Hubballi

2016

Expert Systems with Applications

View full text Add to dashboard Cite

Network specific false alarm reduction in intrusion detection system

Hubballi¹,

Biswas²,

Nandi³

2010

Security Comm Networks

View full text Add to dashboard Cite

Intrusion Detection Systems (IDSs) are used to find the security violations in computer networks. Usually IDSs produce a vast number of alarms that include a large percentage of false alarms. One of the main reason for such false alarm generation is that, in most cases IDSs are run with default set of signatures. In this paper, a scheme for network specific false alarm reduction in IDS is proposed. A threat profile of the network is created and IDS generated alarms are correlated using neural network. Experiments conducted in a test bed have successfully filtered out most of the false alarms for a range of attacks yet maintaining the Detection Rate.

show abstract

How Secure are Web Servers? An Empirical Study of Slow HTTP DoS Attacks and Detection

Tripathi

Hubballi

Singh

2016

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.