Data Mining Based Technique for IDS Alerts Classification
Hany N. Gabra, Ayman M. Bahaa-Eldin, Hoda K. Mohamed

TL;DR
This paper proposes a data mining technique for classifying IDS alerts to distinguish serious alerts from irrelevant ones, achieving 99.9% accuracy and reducing human intervention.
Contribution
It introduces a novel data mining-based classification method that outperforms recent techniques in IDS alert filtering.
Findings
Achieved 99.9% classification accuracy
Created a ranked alerts list based on importance
Outperformed recent data mining methods, which reached 97% accuracy
Abstract
Intrusion detection systems (IDSs) have become a widely used security measure. The main problem with the results of those systems is the irrelevant alerts among them. We propose a data mining based classification method to distinguish serious alerts from irrelevant ones, with a performance of 99.9%, which is better than other recent data mining methods that have reached a performance of 97%. A ranked alert list is also created according to alert importance to minimize human intervention.
Taxonomy
Topics: Network Security and Intrusion Detection · Anomaly Detection Techniques and Applications · Advanced Malware Detection Techniques
