This is an Open Access publication published under CSC-OpenAccess Policy.
Managing Intrusion Detection Alerts Using Support Vector Machines
Majid Ghonji Feshki, Omid Sojoodi, Minoo Deljavan Anvary
Pages - 266 - 273     |    Revised - 30-09-2015     |    Published - 31-10-2015
Volume - 9   Issue - 5    |    Publication Date - September / October 2015
KEYWORDS
Intrusion Detection System, Alert Management, Support Vector Machine, Security Alert Classification, Reduction of False Positive Alerts, Classifying True Positive Alerts Based on Their Attack Types.
ABSTRACT
In the computer network world, intrusion detection systems (IDS) are used to identify attacks against computer systems. They produce security alerts when an intruder carries out an attack. Since IDSs generate a large number of security alerts, analyzing them is time-consuming and error-prone. To solve this problem, IDS alert management techniques have been introduced; they manage the generated alerts and handle true positive and false positive alerts. In this paper a new alert management system is presented. It uses a support vector machine (SVM) as the core component of the system that classifies the generated alerts. The proposed algorithm achieves highly accurate results in reducing false positives and identifying the attack type of true positives. Because of its low classification time per alert, the system could also be used in active alert management systems.
Mr. Majid Ghonji Feshki
Department of Computer Science, Islamic Azad University, Qazvin Branch, Qazvin, Iran
ghonji.majid@yahoo.com
Dr. Omid Sojoodi
Department of Computer Science, Islamic Azad University, Qazvin Branch, Iran
Mr. Minoo Deljavan Anvary
IT Department, School of e-Learning, Shiraz University, Shiraz, Fars, Iran