Referenced Items are not available for this document.
False positives are critical problems of network intrusion detection systems that use pattern matching algorithm to detect network intrusions. The algorithm is unable to eliminate false packets with short lifespan. Secondly, the algorithm lacks the capability to manage the trade-offs between false and true positives. Consequently, system administrators are frequently swamped with massive false alerts from intrusive packets that cannot achieve their objectives and unfortunately, such alerts are often mixed with few true positives. However, how to substantiate these two generic groups of alerts without incurring additional overheads are classical research issues. Therefore, we present clustering-based adaptive P-filter model to investigate false positives. Alerts from Snort were the input to the P-filter model and they were clustered with some sequential filtering criteria. Extensive evaluations that we performed have demonstrated high efficacy of our approach to collaborate with pattern matching algorithm in achieving significant reduction of false positives during intrusion detections.
Published in:
Intelligent Systems, Modelling and Simulation (ISMS), 2010 International Conference on
Date of Conference: 27-29 Jan. 2010
- Page(s):
- 54 - 59
- Print ISBN:
- 978-1-4244-5984-1
- INSPEC Accession Number:
- 11141425
- Conference Location :
- Liverpool
- Digital Object Identifier :
- 10.1109/ISMS.2010.21
- Product Type:
- Conference Publications
About IEEE Xplore | Contact | Help | Terms of Use | Nondiscrimination Policy | Site Map | Privacy & Opting Out of Cookies
A not-for-profit organization, IEEE is the world's largest professional association for the advancement of technology.
© Copyright 2013 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.
