A network IDS is a well-known security measure for network monitoring and protection. Unfortunately, IDSs are known to generate large numbers of alerts, many of which are either false positives or of low importance. This makes it hard for a human analyst to spot the alerts that need more attention. To tackle this issue, this paper proposes an IDS alert classification method based on data mining techniques.
Published in: Proceedings of the 2010 IEEE Conference on Network and Service Management.
Vaarandi, R. & Podins, K. (2010). Network IDS Alert Classification with Frequent Itemset Mining and Data Clustering. Proceedings of the 2010 IEEE Conference on Network and Service Management, pp. 451-456.
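To illustrate the general idea behind frequent-itemset-based alert classification, here is an added example (not the paper's own algorithm or code): an Apriori-style miner over constructed NIDS alerts that marks alerts covered by a frequent attribute pattern as "frequent" (candidates for lower priority) and everything else as "rare" (candidates for analyst attention). The alert records, attribute names and support threshold are all assumptions made for this example.

```python
from collections import Counter

# Constructed sample alerts (not from the paper): each alert is a set of
# attribute=value items as a NIDS might emit them.
ALERTS = [
    {"sig=ICMP PING", "src=10.0.0.5", "dst=10.0.0.1", "proto=icmp"},
    {"sig=ICMP PING", "src=10.0.0.6", "dst=10.0.0.1", "proto=icmp"},
    {"sig=ICMP PING", "src=10.0.0.7", "dst=10.0.0.1", "proto=icmp"},
    {"sig=ICMP PING", "src=10.0.0.8", "dst=10.0.0.1", "proto=icmp"},
    {"sig=SSH brute force", "src=198.51.100.9", "dst=10.0.0.2", "proto=tcp", "dport=22"},
    {"sig=HTTP dir traversal", "src=203.0.113.4", "dst=10.0.0.3", "proto=tcp", "dport=80"},
]


def frequent_itemsets(alerts, min_support, max_size=3):
    """Apriori-style mining: return {itemset: count} for every itemset of up to
    max_size items that occurs in at least min_support alerts."""
    result = {}
    counts = Counter(item for alert in alerts for item in alert)
    current = {frozenset([i]) for i, n in counts.items() if n >= min_support}
    for s in current:
        result[s] = counts[next(iter(s))]
    k = 1
    while current and k < max_size:
        # Join step: build size k+1 candidates from the frequent size-k sets,
        # then count support by scanning the alerts (no separate prune step).
        candidates = {a | b for a in current for b in current if len(a | b) == k + 1}
        counts = Counter({c: sum(1 for alert in alerts if c <= alert) for c in candidates})
        current = {c for c, n in counts.items() if n >= min_support}
        for c in current:
            result[c] = counts[c]
        k += 1
    return result


def classify(alerts, min_support):
    """Label each alert 'frequent' if some frequent pattern of two or more
    attributes covers it, otherwise 'rare'. Rare alerts are the ones an
    analyst would review first; frequent ones are candidates for tuning."""
    patterns = [p for p in frequent_itemsets(alerts, min_support) if len(p) >= 2]
    return ["frequent" if any(p <= a for p in patterns) else "rare" for a in alerts]


if __name__ == "__main__":
    for alert, label in zip(ALERTS, classify(ALERTS, min_support=3)):
        print(label, sorted(alert))
```

In a real deployment the frequent patterns would be reviewed by a human and turned into explicit filtering or prioritisation rules, rather than suppressing alerts automatically.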