White Papers

Data Mining and Machine Learning - Towards Reducing False Positives in Intrusion Detection

Overview

Intrusion Detection Systems (IDSs) are used to monitor computer systems for signs of security violations. Having detected such signs, IDSs trigger alerts to report them. These alerts are presented to a human analyst, who evaluates them and initiates an adequate response. In practice, IDSs have been observed to trigger thousands of alerts per day, most of which are mistakenly triggered by benign events (i.e., false positives). This makes it extremely difficult for the analyst to correctly identify alerts related to attacks (i.e., true positives). This paper presents two orthogonal and complementary approaches to reduce the number of false positives in intrusion detection using alert postprocessing by data mining and machine learning.


Publisher: IBM
File Format: PDF
Date Published: Oct 1, 2008
Format: White Papers
Topics: Intrusion Detection Systems, Network Security, Data Mining - Analysis

Similar White Papers

Modeling an Intrusion Detection System Using Data Mining and Genetic Algorithms Based on Fuzzy Logic

Fuzzy logic based methods together with the techniques from Artificial Intelligence have gained importance. Data mining

Publisher: Andhra University  |  Tags: data

A Lightweight Online Network Anomaly Detection Scheme Based on Data Mining Methods

Network IDS look for known or potential malicious activities in network traffic and raise an alarm whenever a suspicious

Publisher: Institute of Computing Technology  |  Tags: computer security, ddos, network, spam

Data Mining for Network Intrusion Detection

This paper gives an overview of the research in building rare class prediction models for identifying known intrusions a

Publisher: University of Minnesota  |  Tags: data, minnesota, network

Detection and Summarization of Novel Network Attacks Using Data Mining

This paper introduces the Minnesota Intrusion Detection System (MINDS), which uses a suite of data mining techniques to

Publisher: University of Minnesota  |  Tags: data, data mining, minnesota, network

ADAM: Detecting Intrusions by Data Mining

Intrusion detection systems have traditionally been based on the characterization of an attack and the tracking of the a

Publisher: Institute of Electrical and Electronics Engineers  |  Tags: data, data mining

IBM White Papers

Integrated Change & Release Management

Short deadlines and constant change epitomize the challenges of software and systems development. Routine change increas

Publisher: IBM  |  Tags: software

Webcast: Introducing IBM Lotus Quickr -- The Fastest Way to Share Content with Your Teams

Have you heard the buzz about Lotus Quickr? Lotus Quickr is IBM's new Web 2.0-based team collaboration software that is

Publisher: IBM  |  Tags: collaboration software, software

An examination of server consolidation: the trends that can drive efficiencies and help businesses gain a competitive edge

This white paper provides a starting point for organizations contemplating server consolidation. It includes an overview

Publisher: IBM  |  Tags: cost savings, server

Build Strong, Flexible J2EE apps With a WebSphere Cluster Environment

When building a strong, extensible, and flexible J2EE application, one needs to consider several factors. One important

Publisher: IBM  |  Tags: application server, management, server

Deploying Oracle ASM With Oracle 10g RAC on AIX With IBM System Storage DS8000 and DS6000 Advanced Features

The IBM System Storage DS8000 and DS6000 Disk Storage systems are both high performance storage systems that offer expan

Publisher: IBM  |  Tags: data, database, server