CFP last date
20 January 2025
Reseach Article

Intrusion Detection Systems - Analysis and Containment of False Positives Alerts

by Dr. V. CH. Venkaiah, Dr. M Sreenivasa Rao, G. Jacob Victor
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 5 - Number 8
Year of Publication: 2010
Authors: Dr. V. CH. Venkaiah, Dr. M Sreenivasa Rao, G. Jacob Victor
10.5120/931-1308

Dr. V. CH. Venkaiah, Dr. M Sreenivasa Rao, G. Jacob Victor . Intrusion Detection Systems - Analysis and Containment of False Positives Alerts. International Journal of Computer Applications. 5, 8 ( August 2010), 27-33. DOI=10.5120/931-1308

@article{ 10.5120/931-1308,
author = { Dr. V. CH. Venkaiah, Dr. M Sreenivasa Rao, G. Jacob Victor },
title = { Intrusion Detection Systems - Analysis and Containment of False Positives Alerts },
journal = { International Journal of Computer Applications },
issue_date = { August 2010 },
volume = { 5 },
number = { 8 },
month = { August },
year = { 2010 },
issn = { 0975-8887 },
pages = { 27-33 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume5/number8/931-1308/ },
doi = { 10.5120/931-1308 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T19:53:44.285924+05:30
%A Dr. V. CH. Venkaiah
%A Dr. M Sreenivasa Rao
%A G. Jacob Victor
%T Intrusion Detection Systems - Analysis and Containment of False Positives Alerts
%J International Journal of Computer Applications
%@ 0975-8887
%V 5
%N 8
%P 27-33
%D 2010
%I Foundation of Computer Science (FCS), NY, USA
Abstract

The dependence on information technology became critical and IT infrastructure, critical data, intangible intellectual property are vulnerable to threats and attacks. Organizations install Intrusion Detection Systems (IDS) to alert suspicious traffic or activity. IDS generate a large number of alerts and most of them are false positive as the behavior construe for partial attack pattern or lack of environment knowledge. Monitoring and identifying risky alerts is a major concern to security administrator. The present work is to design an operational model for minimization of false positive alarms, including recurring alarms by security administrator. The architecture, design and performance of model in minimization of false positives in IDS are explored and the experimental results are presented with reference to lab environment.

References
  1. Anderson, J P (1980), Computer Security threat Monitoring and surveillance (Technical Report). Fort Washington, PA: James P Anderson Company.
  2. Peng Ning(2005), “Intrusion Detection Systems Basics”, published in “Hand Book of Computer”, Volume 3, edited by Hossien Bidgoli, Published by John Wiley& Sons, Inc (PP 685 to 700)
  3. Web pages hosted by “The Mitre Corporation”, (2005), CVE is funded by US department of Home land, “Use of the Common Vulnerabilities and Exposures List”, Web site http://cve.mitre.org/about
  4. Simon Edwards, (September 2002), “Network Intrusion Detection Systems: Important IDS Network Security Vulnerabilities”, white paper Top Layer Networks, Inc. Web page: http://www.toplayer.com/pdf/WhitePapers/wp_network_intrusion_system.pdf/
  5. Chuyi Wei et. al. , “The IDS Model Adapt to Load Characteristic under IPv6/4 Environment”, ISBN: 978-1-4244-2107-7, INSPEC Accession Number: 10357013,http://ieeexplore.ieee.org/Xplore/defdeny.jsp?url=http%3A%2F%2Fieeexplore.ieee.org%2Fstamp%2Fstamp.jsp%3Ftp%3D%26arnumber%3D4679079%26userType%3Dmem&denyReason=-134&arnumber=4679079&productsMatched=null&userType=mem
  6. Hassen Sallay, Khalid A. AlShalfan, Ouissem Ben Fred, (2009), “A scalable distributed IDS Architecture for High speed Networks”, IJCSNS International Journal of Computer Science and Network Security, VOL.9 No.8, August 2009.
  7. William Stallings, (2003, 3rd Edition), “Cryptography & Network Security Principles & Practices”, Intrusion Detection(pp. 571).
  8. Michael Sieffert, Rodney Forbes, Charles Green, Leonard Popyack, Thomas Blake ( 2004) , “Stego Intrusion Detection System” http://www.dfrws.org/2004/day3/D3-Sieffert-SIDS.pdf, Assured Information Security, Inc. PO Box 1182, Rome NY 13442, USA, accessed on 20.02.08.
  9. Daejoon Joo , Taeho Hong , Ingoo Han , “The neural network models for IDS based on the asymmetric costs of false negative errors and false positive errors -, Expert Systems with Applications 25 (2003) 69–75, accessed at http://afis.kaist.ac.kr/download/inter_jnl029.pdf, Expert Systems with Applications 25 (2003) 69–75,) Published by Elsevier Science Ltd.,
  10. Joshua Shaul, (“Database IDS versus traditional Network IDS”), White Paper by Systems Engineering, Application Security Inc, http://www.appsecinc.com/ presentations/Database_IDS_vs_Network_IDS.pdf
  11. “Stephen Northcutt & Judy Novak”, (2003) Network Intrusion Detection (3rd .ed), Indianapolis: New Riders Publishing. P79, P401-404
  12. Stefano Zanero(2007), “Flaws and Frauds in the Evaluation of IDS.IPS Technologies”, first accessed on 21.09.07, http://www.first.org/conference /2007/papers/zanero-stefano-paper.pdf
  13. J Snyder (2004). Taking Aim: “Target–Based IDS Squelch Network Noise to pinpoint the alert you really care about”. Information security Magazine, January 2004.
  14. Andre Yee(January 22, 2004), NFR Security “Making false positives go away”, http://www.computerworld.com/securitytopics/security/story/0,10801,89122,00.html?f=x15", accessed on 21.08.07
  15. Emmanuel Hooper (2006), “An Intelligent Intrusion Detection and Response System Using Network Quarantine Channels: Adaptive Policies and Alert Filters” , Proceedings of the 2006 IEEE/WIC/ACM International Conference on Web Intelligence and Intelligent Agent Technology (WI-IAT 2006 Workshops)(WI-IATW'06), pp. 16-21, 0-7695-2749-3/06 $20.00 © 2006.
  16. Kai Hwang, MinCai, Ying Chen and Min Qin “Hybrid Intrusion Detection with Weighted Signature Generation over Anomalous Internet Episodes”(2007), IEEE Transactions On Dependable And Secure Computing, Vol.4, No.1, January-March 2007, accessed on 22.02.08, at http://ieeexplore.ieee.org/search/wrapper.jsp? arnumber=4099191.
  17. Benjamin Morin 1, Ludovic M, Herv Debar, and Mireille Ducass (2007) “M2D2: A Formal Data Model for IDS Alert Correlation”, Volume 2516/2002, pages 115-137 online http://www.springerlink.com/content/cwp428tlhf35rwba/
  18. Jacob et. al., “False positives in intrusion detection systems”, RSPS2010conference Proceedings, 2010, PP 534 -540, ISBN 978-81-908240-0-2
  19. Neelakantan,S. & Rao, “A Threat-Aware Signature Based Intrusion Detection Approach for Obtaining Network-Specific Useful Alarms, in the proceedings of “Internet Monitoring and Protection, 2008. ICIMP '08” Publication Date: June 29 2008-July 5 2008, ISBN: 978-0-7695-3189-2, (pp 80-85)
  20. Subramanian Neelakantan et. al. (2009) “Content-Split Based Effective String-Matching for Multi-Core Based Intrusion Detection Systems , First International Conference on Computational Intelligence, Communication Systems and Networks Pages: 296-301 ISBN:978-0-7695-3743-6
Index Terms

Computer Science
Information Sciences

Keywords

Intrusion Detection Systems Analysis and Containment security administrator