Context-Aware Intrusion Alerts Verification Approach

Cited by: 0
Authors
Saad, Sherif [1 ]
Traore, Issa [1 ]
Brocardo, Marcelo Luiz [1 ]
Affiliations
[1] Univ Victoria, Elect & Comp Engn, Victoria, BC V8W 2Y2, Canada
Keywords
Alert Verification; Intrusion Detection; Context-Aware; Semantic Similarity; False Positive; TAXONOMY;
DOI
Not available
CLC number
TP [Automation technology, computer technology];
Subject classification code
0812 ;
Abstract
Intrusion detection systems (IDSs) produce a massive number of intrusion alerts, and a large share of these alerts are false positives. Investigating false positive alerts is an expensive and time-consuming process, and as such represents a significant problem for intrusion analysts. This shows the need for automated approaches to eliminate false positive alerts. In this paper, we propose a novel alert verification and false positive reduction approach. The proposed approach uses context awareness and semantic similarity to filter IDS alerts and eliminate false positives. Evaluation of the approach on an IDS dataset that contains a massive number of IDS alerts yields strong performance in detecting false positive alerts.
Pages: 53 / 59
Page count: 7