An intrusion detection system using correlation, prioritization and clustering techniques to mitigate false alerts

J. Andrew; G. Jaspher W. Kathrine

doi:10.1007/978-981-10-7200-0_23

An intrusion detection system using correlation, prioritization and clustering techniques to mitigate false alerts

J. Andrew, G. Jaspher W. Kathrine

Department of Computer Science and Engineering, Manipal Institute of Technology, Manipal

Research output: Chapter in Book/Report/Conference proceeding › Chapter

5 Citations (Scopus)

Abstract

Intrusion detection system (IDS) is one of the network security tools which monitors the network traffic for suspicious activity and alerts the network administrator. In large networks, huge volumes of false alerts are generated by IDS which reduces the effectiveness of the system and increases the work of the network administrator. The false incoming alerts raised by IDS lower the defence of network. In this paper, post-correlation methods such as prioritization and clustering are used to analyse intrusion alerts. The proposed framework uses prioritization to classify important and unimportant alerts and clustering approaches by correlating the alerts. Scalable distance-based clustering (SDC) is applied to further reduce the false alerts efficiently.

Original language	English
Title of host publication	Advances in Intelligent Systems and Computing
Publisher	Springer Verlag
Pages	257-268
Number of pages	12
DOIs	https://doi.org/10.1007/978-981-10-7200-0_23
Publication status	Published - 2018

Publication series

Name	Advances in Intelligent Systems and Computing
Volume	645
ISSN (Print)	2194-5357

All Science Journal Classification (ASJC) codes

Control and Systems Engineering
Computer Science(all)

Access to Document

10.1007/978-981-10-7200-0_23

Cite this

@inbook{2bd181d1098c4a5b9f6eeaa807286459,

title = "An intrusion detection system using correlation, prioritization and clustering techniques to mitigate false alerts",

abstract = "Intrusion detection system (IDS) is one of the network security tools which monitors the network traffic for suspicious activity and alerts the network administrator. In large networks, huge volumes of false alerts are generated by IDS which reduces the effectiveness of the system and increases the work of the network administrator. The false incoming alerts raised by IDS lower the defence of network. In this paper, post-correlation methods such as prioritization and clustering are used to analyse intrusion alerts. The proposed framework uses prioritization to classify important and unimportant alerts and clustering approaches by correlating the alerts. Scalable distance-based clustering (SDC) is applied to further reduce the false alerts efficiently.",

author = "J. Andrew and Kathrine, {G. Jaspher W.}",

note = "Publisher Copyright: {\textcopyright} 2018, Springer Nature Singapore Pte Ltd.",

year = "2018",

doi = "10.1007/978-981-10-7200-0_23",

language = "English",

series = "Advances in Intelligent Systems and Computing",

publisher = "Springer Verlag",

pages = "257--268",

booktitle = "Advances in Intelligent Systems and Computing",

address = "Germany",

}

TY - CHAP

T1 - An intrusion detection system using correlation, prioritization and clustering techniques to mitigate false alerts

AU - Andrew, J.

AU - Kathrine, G. Jaspher W.

PY - 2018

Y1 - 2018

N2 - Intrusion detection system (IDS) is one of the network security tools which monitors the network traffic for suspicious activity and alerts the network administrator. In large networks, huge volumes of false alerts are generated by IDS which reduces the effectiveness of the system and increases the work of the network administrator. The false incoming alerts raised by IDS lower the defence of network. In this paper, post-correlation methods such as prioritization and clustering are used to analyse intrusion alerts. The proposed framework uses prioritization to classify important and unimportant alerts and clustering approaches by correlating the alerts. Scalable distance-based clustering (SDC) is applied to further reduce the false alerts efficiently.

AB - Intrusion detection system (IDS) is one of the network security tools which monitors the network traffic for suspicious activity and alerts the network administrator. In large networks, huge volumes of false alerts are generated by IDS which reduces the effectiveness of the system and increases the work of the network administrator. The false incoming alerts raised by IDS lower the defence of network. In this paper, post-correlation methods such as prioritization and clustering are used to analyse intrusion alerts. The proposed framework uses prioritization to classify important and unimportant alerts and clustering approaches by correlating the alerts. Scalable distance-based clustering (SDC) is applied to further reduce the false alerts efficiently.

UR - http://www.scopus.com/inward/record.url?scp=85045134228&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85045134228&partnerID=8YFLogxK

U2 - 10.1007/978-981-10-7200-0_23

DO - 10.1007/978-981-10-7200-0_23

M3 - Chapter

AN - SCOPUS:85045134228

T3 - Advances in Intelligent Systems and Computing

SP - 257

EP - 268

BT - Advances in Intelligent Systems and Computing

PB - Springer Verlag

ER -

An intrusion detection system using correlation, prioritization and clustering techniques to mitigate false alerts

Abstract

Publication series

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this