IDS False Alarm Filtering Using KNN Classifier

  • Conference paper
Information Security Applications (WISA 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3325)

Abstract

Intrusion detection is one of the important aspects of computer security. Many commercial intrusion detection systems (IDSs) are available and are widely used by organizations. However, most of them suffer from a high false alarm rate, which adds a heavy workload to the security officers responsible for handling the alarms. In this paper, we propose a new method to reduce the number of false alarms. We model the normal alarm patterns of an IDS and detect anomalies in the incoming alarm stream using a k-nearest-neighbor (KNN) classifier. Preliminary experiments show that our approach reduces up to 93% of the false alarms generated by a well-known IDS.
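One way to implement the filtering idea the abstract sketches, as an added example that is not the paper's own code: a set of alarms known to be background noise is taken as the "normal" population, and each incoming alarm is scored by its distance to its k-th nearest normal neighbour; alarms that sit close to the normal pattern are suppressed as probable false alarms, while alarms far from it are forwarded to the analyst. The four alarm fields, the distance function, the values of k and the threshold, and every alarm record below are constructed assumptions for this illustration, not features or data from the paper.

```python
"""Added illustration of kNN-based IDS false-alarm filtering.

Not code from the paper. Assumptions: an alarm is summarised by four
fields (signature, source /24, destination port, hour of day); the
distance function and the k / threshold values are illustrative; all
alarm records are constructed for this example.
"""
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Alarm:
    sig: str        # IDS signature/rule name
    src_net: str    # source address truncated to its /24 network
    dst_port: int   # destination port (0 for protocols without ports)
    hour: int       # hour of day (0-23) at which the alarm fired


def distance(a: Alarm, b: Alarm) -> float:
    """Heterogeneous distance (an assumed choice): each categorical
    mismatch costs 1.0; hour-of-day distance is circular and scaled
    to [0, 1], so a 12-hour gap costs 1.0."""
    d = float(a.sig != b.sig) + float(a.src_net != b.src_net) + float(a.dst_port != b.dst_port)
    h = abs(a.hour - b.hour)
    return d + min(h, 24 - h) / 12.0


class KnnAlarmFilter:
    """Models the normal (background) alarm population and scores new
    alarms by their distance to the k-th nearest normal alarm."""

    def __init__(self, normal_alarms: Iterable[Alarm], k: int = 3, threshold: float = 1.0):
        self.normal = list(normal_alarms)
        if not self.normal:
            raise ValueError("need at least one normal alarm to model")
        self.k = k
        self.threshold = threshold

    def score(self, alarm: Alarm) -> float:
        """Anomaly score: distance to the k-th nearest normal alarm
        (falls back to the farthest neighbour if fewer than k exist)."""
        dists = sorted(distance(alarm, n) for n in self.normal)
        return dists[min(self.k, len(dists)) - 1]

    def is_false_alarm(self, alarm: Alarm) -> bool:
        """Close to the normal pattern => treat as a false alarm."""
        return self.score(alarm) <= self.threshold

    def filter(self, stream: Iterable[Alarm]) -> Tuple[List[Alarm], List[Alarm]]:
        """Split a stream into (forwarded, suppressed) alarms."""
        forwarded: List[Alarm] = []
        suppressed: List[Alarm] = []
        for alarm in stream:
            (suppressed if self.is_false_alarm(alarm) else forwarded).append(alarm)
        return forwarded, suppressed


# Constructed "normal" alarms: a noisy ping signature from one internal
# /24 and routine SNMP polling from another, both during office hours.
NORMAL_ALARMS = [
    Alarm("ICMP PING", "10.0.1.0/24", 0, 9),
    Alarm("ICMP PING", "10.0.1.0/24", 0, 10),
    Alarm("ICMP PING", "10.0.1.0/24", 0, 11),
    Alarm("ICMP PING", "10.0.1.0/24", 0, 14),
    Alarm("SNMP request", "10.0.2.0/24", 161, 9),
    Alarm("SNMP request", "10.0.2.0/24", 161, 12),
    Alarm("SNMP request", "10.0.2.0/24", 161, 16),
]

# Constructed incoming stream: two background alarms, one unrelated
# web attack, and the "noisy" ping signature from an unusual source
# at an unusual hour (which should NOT be suppressed).
INCOMING = [
    Alarm("ICMP PING", "10.0.1.0/24", 0, 10),
    Alarm("SNMP request", "10.0.2.0/24", 161, 13),
    Alarm("WEB-MISC /bin/sh access", "203.0.113.0/24", 80, 3),
    Alarm("ICMP PING", "203.0.113.0/24", 0, 2),
]


def run_filter(k: int = 3, threshold: float = 1.0) -> Tuple[List[Alarm], List[Alarm]]:
    return KnnAlarmFilter(NORMAL_ALARMS, k=k, threshold=threshold).filter(INCOMING)


def reduction_rate(forwarded: List[Alarm], suppressed: List[Alarm]) -> float:
    """Fraction of the stream removed before it reaches the analyst."""
    total = len(forwarded) + len(suppressed)
    return len(suppressed) / total if total else 0.0


if __name__ == "__main__":
    fwd, sup = run_filter()
    for a in INCOMING:
        print(f"{KnnAlarmFilter(NORMAL_ALARMS).score(a):.3f}  {'suppress' if a in sup else 'forward '}  {a}")
    print(f"reduction: {reduction_rate(fwd, sup):.0%}")
```

Two caveats a practitioner should keep in mind with this kind of filter. The normal set must be verified clean before it is used as a baseline: any true positive that slips into it teaches the filter to suppress that attack pattern. And because suppression is decided purely by similarity to the background, an attacker who blends into it (same signature, same source range, same working hours) is suppressed along with the noise, so the threshold and k should be tuned against labelled alarms and the baseline refreshed as the network changes.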

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Law, K.H., Kwok, L.F. (2005). IDS False Alarm Filtering Using KNN Classifier. In: Lim, C.H., Yung, M. (eds) Information Security Applications. WISA 2004. Lecture Notes in Computer Science, vol 3325. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-31815-6_10

  • DOI: https://doi.org/10.1007/978-3-540-31815-6_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-24015-0

  • Online ISBN: 978-3-540-31815-6