An intrusion detection system using correlation, prioritization and clustering techniques to mitigate false alerts

J. Andrew, G. Jaspher W. Kathrine

Research output: Chapter in Book/Report/Conference proceeding › Chapter

5 Citations (Scopus)

Abstract

An intrusion detection system (IDS) is a network security tool that monitors network traffic for suspicious activity and alerts the network administrator. In large networks, an IDS generates huge volumes of false alerts, which reduce the effectiveness of the system and increase the administrator's workload. False alerts raised by the IDS weaken the defence of the network. In this paper, post-correlation methods, namely prioritization and clustering, are used to analyse intrusion alerts. The proposed framework uses prioritization to separate important from unimportant alerts, and clustering approaches to group correlated alerts. Scalable distance-based clustering (SDC) is then applied to further reduce the false alerts efficiently.
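The abstract only names the pipeline stages (prioritize, correlate, cluster); the following is an added example of how such a pipeline can be built, not the paper's code. The page does not give SDC's actual algorithm, so a one-pass leader-clustering step stands in for it here, and the feature weights, the cluster radius, the severity mapping and the asset-value table are all hypothetical. The alerts themselves are constructed, not captured sensor output.

```python
# Added example: alert prioritization followed by one-pass distance-based
# clustering over constructed IDS alerts. Not the paper's code; the paper does
# not give SDC's exact algorithm, so leader clustering is used as a stand-in
# and all weights, thresholds and asset values below are hypothetical.
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Alert:
    ts: datetime
    src: str
    dst: str
    dport: int
    sig: str
    severity: int  # 1 = most severe, as in Snort's priority field


# Hypothetical asset criticality per destination host (0..1); unknown hosts get 0.2.
ASSET_VALUE = {"10.0.0.5": 1.0, "10.0.0.6": 0.6}
SEVERITY_SCORE = {1: 1.0, 2: 0.6, 3: 0.3}


def priority(alert: Alert) -> float:
    """Prioritization: weight the sensor's severity against target asset value."""
    sev = SEVERITY_SCORE.get(alert.severity, 0.1)
    asset = ASSET_VALUE.get(alert.dst, 0.2)
    return round(0.6 * sev + 0.4 * asset, 3)


def is_important(alert: Alert, threshold: float = 0.5) -> bool:
    return priority(alert) >= threshold


def ip_distance(a: str, b: str) -> float:
    """0 for identical hosts, 0.5 for hosts in the same /24, 1 otherwise."""
    if a == b:
        return 0.0
    return 0.5 if a.rsplit(".", 1)[0] == b.rsplit(".", 1)[0] else 1.0


def distance(a: Alert, b: Alert, window: timedelta = timedelta(seconds=60)) -> float:
    """Weighted feature distance in [0, 1]: alerts from the same attacker
    against the same target within the time window score close to 0."""
    return (
        0.3 * ip_distance(a.src, b.src)
        + 0.3 * ip_distance(a.dst, b.dst)
        + 0.2 * (a.dport != b.dport)
        + 0.1 * (a.sig != b.sig)
        + 0.1 * min(abs(a.ts - b.ts) / window, 1.0)
    )


def cluster(alerts, radius: float = 0.35):
    """One-pass leader clustering: each alert is compared only against the
    leader of each existing cluster (O(n*k) rather than O(n^2)); a new cluster
    is opened when no leader lies within `radius`."""
    clusters = []
    for a in sorted(alerts, key=lambda x: x.ts):
        for c in clusters:
            if distance(c[0], a) <= radius:
                c.append(a)
                break
        else:
            clusters.append([a])
    return clusters


def reduce_alerts(alerts):
    """Prioritize, drop unimportant alerts, then collapse each cluster of
    correlated alerts into a single aggregated alert."""
    important = [a for a in alerts if is_important(a)]
    return [
        {
            "leader_sig": c[0].sig,
            "target": c[0].dst,
            "count": len(c),
            "sources": sorted({a.src for a in c}),
            "priority": max(priority(a) for a in c),
        }
        for c in cluster(important)
    ]


def sample_alerts():
    """Constructed sample alerts (not captured data)."""
    t0 = datetime(2018, 1, 1, 12, 0, 0)

    def at(seconds):
        return t0 + timedelta(seconds=seconds)

    return [
        Alert(at(0), "192.168.1.10", "10.0.0.5", 22, "SSH brute force", 2),
        Alert(at(5), "192.168.1.10", "10.0.0.5", 22, "SSH brute force", 2),
        Alert(at(10), "192.168.1.11", "10.0.0.5", 22, "SSH brute force", 2),
        Alert(at(20), "203.0.113.7", "10.0.0.6", 80, "SQL injection attempt", 1),
        Alert(at(25), "203.0.113.7", "10.0.0.6", 80, "SQL injection attempt", 1),
        Alert(at(30), "198.51.100.9", "10.0.0.20", 161, "SNMP public community", 3),
        Alert(at(40), "198.51.100.9", "10.0.0.21", 161, "SNMP public community", 3),
    ]


if __name__ == "__main__":
    raw = sample_alerts()
    aggregated = reduce_alerts(raw)
    for agg in aggregated:
        print(agg)
    print(f"{len(raw)} raw alerts -> {len(aggregated)} aggregated alerts")
```

On the constructed input, seven raw alerts collapse to two aggregated ones: the two low-severity SNMP alerts against unknown assets fall below the priority threshold and are dropped, the three SSH alerts (two hosts in the same /24, within seconds of each other) fall inside one cluster, and the two SQL-injection alerts form the other. The caveat a practitioner should keep in mind is that the prioritization step is where real attacks get lost: a low-severity signature against an asset missing from the criticality table is silently discarded, so the asset table and the threshold deserve the same review as the sensor rules.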

Original language: English
Title of host publication: Advances in Intelligent Systems and Computing
Publisher: Springer Verlag
Pages: 257-268
Number of pages: 12
DOIs
Publication status: Published - 2018

Publication series

Name: Advances in Intelligent Systems and Computing
Volume: 645
ISSN (Print): 2194-5357

All Science Journal Classification (ASJC) codes

  • Control and Systems Engineering
  • Computer Science(all)
