A new framework for online rule threshold adjustment in intrusion detection

2 Author(s)
Moghimi, M.M. ; Sepehr S. T. Co. Ltd., Tehran, Iran ; Saraee, M.H.

Generally, rule-based systems work to make sense of the large volume of alerts generated by intrusion detection systems (IDSs) every minute. Hence, it is very important to verify that these systems are error-free and that the rules are suitable for the current network. This topic is addressed by Rule Adjustment, which automatically adjusts the rules based on the current network environment. The problem in rule adjustment is to adjust the internal thresholds while keeping the structure unchanged. In this paper, we propose a method for adjusting the rules online. This method performs the threshold adjustment without changing the structure of the rules. Our approach to online threshold adjustment is to monitor the alerts, detect constant changes in them, and then adjust the appropriate thresholds. We have implemented this method and evaluated it using real-world datasets. Our approach was successfully able to adjust the rules in all the cases with marginal error.

Published in:

Computer Science and Software Engineering (CSSE), 2011 CSI International Symposium on

Date of Conference:

15-16 June 2011