Although intelligent intrusion and detection strategies are used to detect false alarms within the critical segments of network infrastructures, reducing false positives is still a major challenge. To date, these strategies have focused on either detection or response features, but often lack both together. Unless those features are considered together, intrusion detection systems will probably not be able to achieve high detection at low false alarm rates. To offset these constraints, this paper proposes a strategy that focuses on detection, involving statistical analysis of both attack and normal traffic based on the training data of KDD Cup 99. The strategy also includes a hybrid statistical approach that uses Data Mining and Decision Tree Classification. As a result, the statistical analysis can be used to reduce misclassification of false positives and to distinguish between attacks and false positives in the KDD Cup 99 data. The strategy can therefore be used to evaluate and enhance the capability of the IDS to detect, and at the same time respond to, threats and benign traffic in critical segments of network, application and database infrastructures.