2014
DOI: 10.1016/j.comcom.2014.04.012
False alarm minimization techniques in signature-based intrusion detection systems: A survey

Abstract: A network-based Intrusion Detection System (IDS) gathers and analyzes network packets and reports possible low-level security violations to a system administrator. In a large network setup, these low-level and partial reports become unmanageable for the administrator, resulting in some unattended events. Further, it is known that state-of-the-art IDSs generate many false alarms. There are techniques proposed in the IDS literature to minimize false alarms, many of which are widely used in practice in commercial Security…

Cited by 184 publications (79 citation statements)
References 86 publications
“…However, this approach requires alteration of attack signatures and rebooting of the IDS engine. Numerous works on false alarm minimization have been proposed in the literature with varying degrees of success. In general, enhancing the IDS's accuracy by minimizing its FP alarm rate also decreases its detection rate by increasing its false negative rate.…”
Section: Introduction (mentioning; confidence: 99%)
“…But, most existing IRS designs employ a static approach in selecting an optimum response for intrusion alerts generated by the IDSs [5]. Instead of dynamic response, several existing [6] [7] only used static response strategies. This includes the static risk threshold metric, damage reduction metric, IDS confidence metric and severity metric.…”
Section: Fig 30 Intrusion Response System Process (mentioning; confidence: 99%)
“…The major concern with such systems is that they attempt to detect a very wide range of events, which often results in high false alarm rate [5]. The main cause of an excessive number of wrong detections is often attributed to a plethora of suspicious cases.…”
Section: Introduction (mentioning; confidence: 99%)
“…Similar to Intrusion Detection Systems, TDS might be divided into two broad classes: pattern-based and anomaly-based. The former uses a database of known threat patterns and raises an alarm whenever similar pattern(s) occur, whereas the latter uses a certain model of system behaviour and observes significant deviations from it [5].…”
Section: Introduction (mentioning; confidence: 99%)