Reduction of false positives in intrusion detection via adaptive alert classifier

Zhihong Tian; Weizhe Zhang; Jianwei Ye; Xiangzhan Yu; Hongli Zhang

doi:10.1109/ICINFA.2008.4608259

Reduction of false positives in intrusion detection via adaptive alert classifier

Zhihong Tian^*
, Weizhe Zhang
, Jianwei Ye
, Xiangzhan Yu
, Hongli Zhang

^*Corresponding author for this work

Faculty of Computing

Harbin Institute of Technology

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

17 Scopus citations

Abstract

An important problem in the field of intrusion detection is the management of alerts. Intrusion detection systems tend to overwhelmed human operators with a large volume of false positives. In order to correctly identify the alerts related to attacks and reduce false positives, this paper describes a novel adaptive alert classifier based on pattern mining method. The alert classifier supports the operators by classifying alerts into true positives and false positives and learns knowledge adaptively by the feedback of the operators. The results of experiment show that the alert classifier is able to reduce the numerous redundant alerts and effectively reduces the analyst operators' workload.

Original language	English
Title of host publication	Proceedings of the 2008 IEEE International Conference on Information and Automation, ICIA 2008
Pages	1599-1602
Number of pages	4
DOIs	https://doi.org/10.1109/ICINFA.2008.4608259
State	Published - 2008
Event	2008 IEEE International Conference on Information and Automation, ICIA 2008 - Zhangjiajie, Hunan, China Duration: 20 Jun 2008 → 23 Jun 2008

Publication series

Name	Proceedings of the 2008 IEEE International Conference on Information and Automation, ICIA 2008

Conference

Conference	2008 IEEE International Conference on Information and Automation, ICIA 2008
Country/Territory	China
City	Zhangjiajie, Hunan
Period	20/06/08 → 23/06/08

Access to Document

10.1109/ICINFA.2008.4608259

Cite this

Tian, Z., Zhang, W., Ye, J., Yu, X., & Zhang, H. (2008). Reduction of false positives in intrusion detection via adaptive alert classifier. In Proceedings of the 2008 IEEE International Conference on Information and Automation, ICIA 2008 (pp. 1599-1602). Article 4608259 (Proceedings of the 2008 IEEE International Conference on Information and Automation, ICIA 2008). https://doi.org/10.1109/ICINFA.2008.4608259

@inproceedings{608a409bf5664e1e9d45f9f6596187c1,

title = "Reduction of false positives in intrusion detection via adaptive alert classifier",

abstract = "An important problem in the field of intrusion detection is the management of alerts. Intrusion detection systems tend to overwhelmed human operators with a large volume of false positives. In order to correctly identify the alerts related to attacks and reduce false positives, this paper describes a novel adaptive alert classifier based on pattern mining method. The alert classifier supports the operators by classifying alerts into true positives and false positives and learns knowledge adaptively by the feedback of the operators. The results of experiment show that the alert classifier is able to reduce the numerous redundant alerts and effectively reduces the analyst operators' workload.",

author = "Zhihong Tian and Weizhe Zhang and Jianwei Ye and Xiangzhan Yu and Hongli Zhang",

year = "2008",

doi = "10.1109/ICINFA.2008.4608259",

language = "英语",

isbn = "9781424421848",

series = "Proceedings of the 2008 IEEE International Conference on Information and Automation, ICIA 2008",

pages = "1599--1602",

booktitle = "Proceedings of the 2008 IEEE International Conference on Information and Automation, ICIA 2008",

note = "2008 IEEE International Conference on Information and Automation, ICIA 2008 ; Conference date: 20-06-2008 Through 23-06-2008",

}

Tian, Z, Zhang, W, Ye, J, Yu, X & Zhang, H 2008, Reduction of false positives in intrusion detection via adaptive alert classifier. in Proceedings of the 2008 IEEE International Conference on Information and Automation, ICIA 2008., 4608259, Proceedings of the 2008 IEEE International Conference on Information and Automation, ICIA 2008, pp. 1599-1602, 2008 IEEE International Conference on Information and Automation, ICIA 2008, Zhangjiajie, Hunan, China, 20/06/08. https://doi.org/10.1109/ICINFA.2008.4608259

Reduction of false positives in intrusion detection via adaptive alert classifier. / Tian, Zhihong; Zhang, Weizhe; Ye, Jianwei et al.
Proceedings of the 2008 IEEE International Conference on Information and Automation, ICIA 2008. 2008. p. 1599-1602 4608259 (Proceedings of the 2008 IEEE International Conference on Information and Automation, ICIA 2008).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Reduction of false positives in intrusion detection via adaptive alert classifier

AU - Tian, Zhihong

AU - Zhang, Weizhe

AU - Ye, Jianwei

AU - Yu, Xiangzhan

AU - Zhang, Hongli

PY - 2008

Y1 - 2008

N2 - An important problem in the field of intrusion detection is the management of alerts. Intrusion detection systems tend to overwhelmed human operators with a large volume of false positives. In order to correctly identify the alerts related to attacks and reduce false positives, this paper describes a novel adaptive alert classifier based on pattern mining method. The alert classifier supports the operators by classifying alerts into true positives and false positives and learns knowledge adaptively by the feedback of the operators. The results of experiment show that the alert classifier is able to reduce the numerous redundant alerts and effectively reduces the analyst operators' workload.

AB - An important problem in the field of intrusion detection is the management of alerts. Intrusion detection systems tend to overwhelmed human operators with a large volume of false positives. In order to correctly identify the alerts related to attacks and reduce false positives, this paper describes a novel adaptive alert classifier based on pattern mining method. The alert classifier supports the operators by classifying alerts into true positives and false positives and learns knowledge adaptively by the feedback of the operators. The results of experiment show that the alert classifier is able to reduce the numerous redundant alerts and effectively reduces the analyst operators' workload.

UR - https://www.scopus.com/pages/publications/54249114188

U2 - 10.1109/ICINFA.2008.4608259

DO - 10.1109/ICINFA.2008.4608259

M3 - 会议稿件

AN - SCOPUS:54249114188

SN - 9781424421848

T3 - Proceedings of the 2008 IEEE International Conference on Information and Automation, ICIA 2008

SP - 1599

EP - 1602

BT - Proceedings of the 2008 IEEE International Conference on Information and Automation, ICIA 2008

T2 - 2008 IEEE International Conference on Information and Automation, ICIA 2008

Y2 - 20 June 2008 through 23 June 2008

ER -

Tian Z, Zhang W, Ye J, Yu X , Zhang H. Reduction of false positives in intrusion detection via adaptive alert classifier. In Proceedings of the 2008 IEEE International Conference on Information and Automation, ICIA 2008. 2008. p. 1599-1602. 4608259. (Proceedings of the 2008 IEEE International Conference on Information and Automation, ICIA 2008). doi: 10.1109/ICINFA.2008.4608259

Reduction of false positives in intrusion detection via adaptive alert classifier

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this