µ¥ÀÌÅͺ£À̽º ¿¬±¸È¸Áö(SIGDB)
Current Result Document :
| ÇѱÛÁ¦¸ñ(Korean Title) |
A Skyline Based False Alarm Reduction in Intrusion Detection Systems |
| ¿µ¹®Á¦¸ñ(English Title) |
A Skyline Based False Alarm Reduction in Intrusion Detection Systems |
| ÀúÀÚ(Author) |
»çÀ̵å¿Ã¸² °¡´Ï¿¹ºê
ÀÌÀ¯°æ
º¯Á¤¿ë
Saydiolim Ganiev
Yookyung Lee
Jeong-Yong Byun
|
| ¿ø¹®¼ö·Ïó(Citation) |
VOL 31 NO. 01 PP. 0088 ~ 0097 (2015. 04) |
Çѱ۳»¿ë
(Korean Abstract) |
|
¿µ¹®³»¿ë
(English Abstract) |
Recent expansion of the Internet has caused to emerge lots of malicious threats. Though various Intrusion Detection Systems (IDSs) have been proposed so far, none of them has completely coped with the emerged issues. Once IDS finishes its performance, lots of false alarms can be produced, which can lead to increasing burden in network administrator's work. Therefore, it is necessary to have a system for post-processing of the false alarms that can operate after intrusion detection process finishes its work, and divide false alarms into secure data packets and attacks. In this paper, we propose to select only top-k false alarms that pose a threat to the system. Our approach is to formulate the existing issue as a selection problem with which skyline queries can handle fast and efficiently. In this paper, we utilize Sort-Filter-Skyline (SFS) algorithm that constructs skylines by finding only such data points that are not dominated by other data points. In the context of the proposed method, we perform a skyline operation on false alarms, and extract alarms that are not dominated by other alarms. These alarms are potential candidates to become secure data packets or attacks. Experiments show that the proposed method outperforms other methods on reducing false positive and false negative, while maintaining the acceptable computational time and memory usage.
|
| Å°¿öµå(Keyword) |
intrusion detection systems (IDS)
false alarm reduction(FAR)
skyline
|
| ÆÄÀÏ÷ºÎ |
PDF ´Ù¿î·Îµå
|
