文章基本信息

标题：A new Data Mining-based Approach to Improving the Quality of Alerts in Intrusion Detection Systems
本地全文：下载
作者：Hadi Barani Baravati ; Javad Hosseinkhani ; Solmaz Keikhaee 等
期刊名称：International Journal of Computer Science and Network Security
印刷版ISSN：1738-7906
出版年度：2017
卷号：17
期号：8
页码：194-198
出版社：International Journal of Computer Science and Network Security
摘要：Data mining is about finding insights which are statistically reliable, unknown previously, and actionable from data. This data must be available, relevant, adequate, and clean. Also, the data mining problem must be well-defined, cannot be solved by query and reporting tools, and guided by a data mining process model Thus it is essential to use different security tools in order to protect computer systems and networks. Among these tools, Intrusion Detection Systems (IDSs) are one of the components of Defense-in-depth. One major drawback of IDSs is the generation of a huge number of alerts, most of which are false, redundant, or unimportant. Among different remedy approaches, many researchers proposed the use of data mining. Most of the research done in this area could not address the problems completely. Also, most of them suffer from human dependency and offline functionality. In this research, an online approach is proposed in order to manage alerts issued by IDSs. The proposed approach is able to process alerts produced by heterogeneous IDS systems. The approach is evaluated using DARPA 1999 dataset and Shahid Rajaee Port Complex dataset. Evaluation results show that the proposed approach can reduce the number of alerts by 94.32%, effectively improving alert management process. Because of the utilization of ensemble methodology and ideal algorithms in the proposed methodology, it can advise network security specialist the talk about of the monitored network within an online manner.
关键词：Web Data Mining; Quality of Alerts; Data Mining; Intrusion Detection.