Review of Techniques Reducing False Positive In IDS

sarita Tiwari, Satish J. Alaspurkar

Abstract


An Intrusion Detection System is a device, typically another separate computer, monitors activity to identify malicious or suspicious events. An IDS is a sensor, like a smoke detector, that raise an alarm if specific thing occur. Intrusion Detection Systems are not perfect and mistakes are their biggest problem. Although an IDS might detect an intruder correctly most of time, it may stumble in two different ways: by raising an alarm for something that is not really an attack or not raising an alarm for a real attack. One of the ideas was to create correlation methods which cover the problem of dealing with the huge amount of both real alerts as well as false alerts. The techniques used in this area plan to help the analyst party to analyze these alerts to distinguish between alerts generated by real attacks and legal traffic. We present APHRODITE, an architecture designed to reduce false positives in network intrusion-detection systems. APHRODITE works by detecting anomalies in the outgoing traffic, and by correlating them with the alerts raised by the NIDS analyzing the incoming traffic . we introduce new learning algorithms for reducing false positives in intrusion detection. It is based on decision tree-based attribute weighting with adaptive nae Bayesian tree, which not only reduce the false positives (FP) at acceptable level, but also scale up the detection rates (DR) for different types of network intrusions. IDS generate a large number of alerts and most of them are false positive as the behaviour construe for partial attack pattern or lack of environment knowledge. These Alerts has different severities and most of them dont require big attention because of the huge number of the false alerts among them. In this technical paper we mentioned the techniques for reducing false positive in IDS. Those techniques is used to reducing the false positive in IDS


Full Text:

PDF

Refbacks

  • There are currently no refbacks.