In the computer network world Intrusion detection systems (IDS) are used to identify attacks against computer systems. They produce security alerts when an attack is done by an intruder. Since IDSs generate high amount of security alerts, analyzing them are time consuming and error prone. To solve this problem IDS alert management techniques are introduced. They manage generated alerts and handle true positive and false positive alerts. In this paper a new alert management system is presented. It uses support vector machine (SVM) as a core component of the system that classify generated alerts. The proposed algorithm achieves high accurate result in false positives reduction and identifying type of true positives. Because of low classification time per each alert, the system also could be used in active alert management systems.
展开▼