Title

Data Mining Based Technique for IDS Alert Classification

DOI

10.7903/ijecs.1392

Authors

Hany Nashat Gabra;Ayman M. Bahaa-Eldin;Hoda Korashy Mohammed

Keywords

Intrusion Detection; Data Mining; Frequent Pattern; Frequent Itemset

Journal

International Journal of Electronic Commerce Studies

Volume/Issue (Publication Date)

Vol. 6, No. 1 (2015/06/01)

Pages

119 - 125

Language

English

English Abstract

Intrusion detection systems (IDSs) have become a widely used measure in security systems. The main problem with such systems is irrelevant alerts. We propose a data-mining-based classification method to distinguish serious from irrelevant alerts, with a performance of 99.9%, which is better than other recent data mining methods that achieved 97%. A ranked alert list is also created according to each alert's importance, to minimize human intervention.
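The abstract and keywords describe frequent-itemset mining used to separate background-noise alerts from the few that merit analyst attention, and to rank alerts by importance. The following is an added example, not code or the exact method from the paper: it flattens constructed Snort-style alerts into attribute=value items, mines frequent itemsets with Apriori, scores each alert with the frequent-pattern outlier factor (FPOF, from He et al.'s FP-outlier work), and ranks alerts so that the ones matching the fewest frequent patterns come first. The sample alerts, the support threshold (0.25) and the "serious" cut-off (0.1) are assumptions chosen for illustration; treating low-FPOF alerts as the serious class is this example's interpretation, not a claim about the paper's classifier.

```python
from collections import Counter
from itertools import combinations

# Constructed Snort-style alerts (sample data, not from the paper).
# Repetitive SNMP/ICMP traffic between internal hosts plays the role of
# background noise; a single shellcode alert from an external host is the
# alert an analyst would want to see first.
SAMPLE_ALERTS = [
    {"sig": "SNMP request udp", "src": "10.0.0.5", "dst": "10.0.0.1", "dport": "161"},
    {"sig": "SNMP request udp", "src": "10.0.0.5", "dst": "10.0.0.1", "dport": "161"},
    {"sig": "SNMP request udp", "src": "10.0.0.5", "dst": "10.0.0.1", "dport": "161"},
    {"sig": "SNMP request udp", "src": "10.0.0.6", "dst": "10.0.0.1", "dport": "161"},
    {"sig": "ICMP PING", "src": "10.0.0.5", "dst": "10.0.0.1", "dport": "0"},
    {"sig": "ICMP PING", "src": "10.0.0.6", "dst": "10.0.0.1", "dport": "0"},
    {"sig": "SHELLCODE x86 NOOP", "src": "203.0.113.7", "dst": "10.0.0.2", "dport": "445"},
]


def to_itemset(alert):
    """Flatten one alert into a transaction of 'field=value' items."""
    return frozenset(f"{k}={v}" for k, v in alert.items())


def apriori(transactions, min_support):
    """Return {frequent itemset: support fraction} using level-wise Apriori.

    Candidate (k+1)-itemsets are built by joining frequent k-itemsets and are
    pruned when any k-subset is not itself frequent (the Apriori property).
    """
    n = len(transactions)
    min_count = min_support * n
    counts = Counter(item for t in transactions for item in t)
    level = {frozenset([i]): c for i, c in counts.items() if c >= min_count}
    frequent = {}
    k = 1
    while level:
        frequent.update(level)
        candidates = set()
        for a, b in combinations(level, 2):
            u = a | b
            if len(u) == k + 1 and all(frozenset(s) in level for s in combinations(u, k)):
                candidates.add(u)
        counts = Counter()
        for t in transactions:
            for c in candidates:
                if c <= t:
                    counts[c] += 1
        level = {c: cnt for c, cnt in counts.items() if cnt >= min_count}
        k += 1
    return {s: c / n for s, c in frequent.items()}


def fpof(itemset, frequent):
    """Frequent-pattern outlier factor: mean support of the frequent itemsets
    contained in the alert. A low value means the alert matches few common
    patterns, i.e. it is unusual relative to the alert stream."""
    if not frequent:
        return 0.0
    return sum(sup for fs, sup in frequent.items() if fs <= itemset) / len(frequent)


def rank_alerts(alerts, min_support=0.25, serious_threshold=0.1):
    """Score, label and rank alerts; lowest FPOF (most unusual) first.

    Returns (ranked list of (score, label, alert), frequent itemsets).
    Thresholds are illustrative assumptions, not values from the paper.
    """
    transactions = [to_itemset(a) for a in alerts]
    frequent = apriori(transactions, min_support)
    scored = []
    for alert, t in zip(alerts, transactions):
        score = fpof(t, frequent)
        label = "serious" if score < serious_threshold else "irrelevant"
        scored.append((score, label, alert))
    scored.sort(key=lambda x: x[0])
    return scored, frequent


if __name__ == "__main__":
    ranked, frequent = rank_alerts(SAMPLE_ALERTS)
    print(f"{len(frequent)} frequent itemsets mined")
    for score, label, alert in ranked:
        print(f"{score:.3f}  {label:10s}  {alert['sig']:20s} {alert['src']} -> {alert['dst']}:{alert['dport']}")
```

Over the constructed data, the shellcode alert shares no frequent item with the rest of the stream, so its FPOF is 0 and it is ranked first; the repeated SNMP alerts score highest and are labelled irrelevant. In practice the support threshold has to be tuned per sensor, and an attacker who can generate bulk noise alerts can push a real attack's patterns above the threshold, so a ranked list like this should feed an analyst queue rather than silently drop alerts.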

Subject Classification

Basic and Applied Sciences > Information Science
Social Sciences > Economics
Social Sciences > Finance and Accounting
Social Sciences > Management