2012
DOI: 10.5120/9274-3530

Collection Mechanism and Reduction of IDS Alert

Abstract: Numerous techniques and approaches are used to address the threats faced by computer networks today. Some of these reactive approaches involve Intrusion Detection Systems (IDS), malware data mining and network monitoring. Numerous false positive alerts are generated by the IDS, contributing negatively to system complexity and performance. In this paper, we present a new framework called the collection mechanism and reduction of IDS alert framework (CMRAF) to remove duplicate IDS alerts and reduce the amo…

Cited by 7 publications (2 citation statements)
References 18 publications
“…Because ICMP is used, the port attributes for each source and destination in the alerts are not included, so they are replaced by the value -1 because it does not exist within the port range (0-65536), as shown in figure (5). It is a statistical analysis method that converts multiple variables into fewer main variables.…”
Section: A3 Convert Snort Alerts Log File To Database
“…Each alert consists of a set of attributes: sensor, alert type, classification, priority, date, time (hours, minutes, seconds and milliseconds), source IP address, destination IP address, source port number, destination port number, protocol, TTL, TOS, ID, Iplen, Dgmlen, type, code and packet type. The reduction of these attributes has become a necessary condition for many researchers [5]. Many researches [6] in the false positive alert reduction process depend on some attributes without using feature selection or extraction methods.…”
Section: Introduction