False alarm minimization techniques in signature-based intrusion detection systems: A survey

Neminath Hubballi; Vinoth Suryanarayanan

首页> 外文期刊>Computer Communications >False alarm minimization techniques in signature-based intrusion detection systems: A survey

【24h】

False alarm minimization techniques in signature-based intrusion detection systems: A survey

机译：基于签名的入侵检测系统中的虚假警报最小化技术：一项调查

获取原文

获取原文并翻译 | 示例

获取外文期刊封面封底 >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

A network based Intrusion Detection System (IDS) gathers and analyzes network packets and report possible low level security violations to a system administrator. In a large network setup, these low level and partial reports become unmanageable to the administrator resulting in some unattended events. Further it is known that state of the art IDS generate many false alarms. There are techniques proposed in IDS literature to minimize false alarms, many of which are widely used in practice in commercial Security Information and Event Management (SIEM) tools. In this paper, we review existing false alarm minimization techniques in signature-based Network Intrusion Detection System (NIDS). We give a taxonomy of false alarm minimization techniques in signature-based IDS and present the pros and cons of each class. We also study few of the prominent commercial SIEM tools which have implemented these techniques along with their performance. Finally, we conclude with some directions to the future research.

机译：基于网络的入侵检测系统（IDS）收集并分析网络数据包，并向系统管理员报告可能的低级安全违规情况。在大型网络设置中，这些低级和部分报告对于管理员来说变得不可管理，从而导致一些无人值守的事件。进一步已知的是，现有技术的IDS会产生许多错误警报。 IDS文献中提出了一些技术来最小化虚假警报，其中许多已在实践中广泛用于商业安全信息和事件管理（SIEM）工具中。在本文中，我们回顾了基于签名的网络入侵检测系统（NIDS）中现有的虚假警报最小化技术。我们在基于签名的IDS中提供了错误警报最小化技术的分类法，并介绍了每个类的优缺点。我们还研究了很少有实现这些技术及其性能的著名商业SIEM工具。最后，我们总结了未来研究的方向。

著录项

来源
《Computer Communications》 |2014年第1期|1-17|共17页
作者
Neminath Hubballi; Vinoth Suryanarayanan;
展开▼
作者单位

Discipline of Computer Science and Engineering, Indian Institute of Technology Indore, India;

School of Computer Science, University of Birmingham, United Kingdom;

展开▼
收录信息美国《科学引文索引》(SCI);美国《工程索引》(EI);
原文格式 PDF
正文语种 eng
中图分类
关键词
False alarms; Correlation; Intrusion detection;

机译：错误警报;相关性入侵检测;

相似文献

外文文献
中文文献
专利

1. A Novel Signature-Based Traffic Classification Engine To Reduce False Alarms In Intrusion Detection Systems [J] . Md. Azizul Islam, Md. Manirul Islam International Journal of Computer Networks & Communications . 2015,第1期

机译：一种新颖的基于签名的流量分类引擎，可减少入侵检测系统中的误报
2. Enhancing the Performance of Intrusion Detection System by Minimizing the False Alarm Detection Using Fuzzy Logic [J] . Khaled Batiha, Mohammed O. Alshroqee Information and Knowledge Management . 2018,第1期

机译：通过使用模糊逻辑最大限度地减少误报检测，提高入侵检测系统的性能
3. Towards reducing false alarms in network intrusion detection systems with data summarization technique [J] . Neminath Hubballi, Santosh Biswas, Sukumar Nandi Security and communication networks . 2013,第3期

机译：借助数据汇总技术来减少网络入侵检测系统中的虚假警报
4. Providing a method to reduce the false alarm rate in network intrusion detection systems using the multilayer perceptron technique and backpropagation algorithm [C] . Mostafa darkaie, Reza Tavoli 2019 IEEE 5th Conference on Knowledge Based Engineering and Innovation . 2019

机译：提供一种使用多层感知器技术和反向传播算法降低网络入侵检测系统误报率的方法
5. Low-rate false alarm anomaly-based intrusion detection system with one-class SVM [D] . Farnia, Fatemeh. 2017

机译：低速率误报异常的入侵检测系统，具有单级SVM
6. Probabilities of False Alarm for Vital Sign Detection on the Basis of a Doppler Radar System [O] . Nguyen Thi Phuoc Van, Liqiong Tang, Subhas Chandra Mukhopadhyay, 2018

机译：基于多普勒雷达系统的生命体征虚警率
7. Alarm management for intrusion detection systems - Prioritizing and presenting alarms from intrusion detection systems [O] . Klüft Sebastian, Staaf Eva Lina 2012

机译：入侵检测系统的报警管理 - 从入侵检测系统中确定报警优先级并显示报警

False alarm minimization techniques in signature-based intrusion detection systems: A survey

摘要

著录项

相似文献

相关主题

期刊订阅