Abstract: During the last decade, intrusion detection systems (IDSs) have become a widely used measure for security management. However, these systems often generate many false positives and irrelevant alerts. In this paper, we propose a data-mining-based real-time method for distinguishing important network IDS alerts from frequently occurring false positives and events of low importance. Unlike conventional data-mining-based approaches, our method is fully automated and able to adjust to environment changes without human intervention.
Published in: Proceedings of the 2009 IEEE MILCOM Conference.
Vaarandi, R. (2009). Real-time Classification of IDS Alerts with Data Mining Techniques. Proceedings of the 2009 IEEE MILCOM Conference, 2009, pp. 1786-1792.