2015
DOI: 10.1002/sec.1173

A test of intrusion alert filtering based on network information

Abstract: Intrusion detection systems continue to be a promising security technology. The arguably biggest problem with today's intrusion detection systems is the sheer number of alerts they produce for events that are regarded as benign or non‐critical by system administrators. A plethora of more and less complex solutions has been proposed to filter the relevant (i.e., correct) alerts that signature‐based intrusion detection sensors produce. This paper reports on a test performed to test a number of filtering alternat…

Cited by 6 publications (2 citation statements)
References 16 publications (31 reference statements)

Citation statements:
“…These issues are approached from various perspectives which can be summarized into filtration [4], aggregation [5], prioritization [6] and correlation [7]. Since the correlation techniques are the most relevant for our research, we further elaborate on them in our related work.…”
Section: Introduction (mentioning)
Confidence: 99%
“…The problem with false positives is substantial. For example, Tjhai et al (2008) reported that 96% of the alerts were false positives in a test where Snort monitored a university's web server, Sommestad and Franke (2015) reported that greater than 98% of the alerts Snort produced during a cyber security exercise were false positives, and Cotroneo et al (2019) refers to analyses where 99% of the alerts are false positives. The problem of detecting attacks is also considerable, and a frequent argument against signature-based NIDSs and for the use of anomaly-based alternatives is that signature-based solutions are poor at detecting undisclosed (zero-day) exploits (Liao et al, 2013) (Patcha & Park, 2007) (Holm, 2014) (Khraisat et al, 2019).…”
Section: Introduction (mentioning)
Confidence: 99%