Network IDS Duplicate Alarm Reduction Using Improved SNM Algorithm
Authors: Xianguang Lu, Xuehui Du, Wenjuan Wang
Published in: 2018 IEEE 3rd International Conference on Image, Vision and Computing (ICIVC), June 2018
DOI: 10.1109/ICIVC.2018.8492846 (https://doi.org/10.1109/ICIVC.2018.8492846)
Abstract: Intrusion detection systems are an effective defensive tool for finding security events. However, in actual deployments they produce a large number of false positive alerts, which greatly increases the difficulty of real-time security analysis for security managers. Periodic alarms produced by misconfigured network devices and services, and the approximately duplicate alarms generated by different IDSs for the same attack, are important components of these false alarms. In this paper, we improve the SNM algorithm and use it to clean duplicate alarms out of the original alarm database, which reduces the scale of the database; we also count the number of duplicate alarms, so that periodic alerts can be further identified and false alarms removed.