Abstract

The real-time prediction of the network security situation can significantly improve a network's monitoring and emergency response capability. In practice, however, if a large share of the predictions are false, network administrators become desensitized and eventually ignore all prediction results. In this paper, we address this issue and propose a novel False Positive Adaptive (FPA) method for network security situation prediction. The main idea of our method is to use extra information to reduce the number of false positives in prediction. In the model training step, we take advantage of host and network information to eliminate meaningless alerts produced by security tools such as Intrusion Detection Systems (IDS) and firewalls, thus assuring the accuracy of the training samples. In the prediction step, we use the detection information from the security tools to confirm the prediction results automatically. If a previous prediction is not confirmed by a detection, it is treated as a false positive and the prediction model is retrained by incremental learning. In our work, model training and incremental learning are accomplished efficiently with a neural network and a boosting algorithm.
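The feedback loop the abstract describes (filter alerts with host inventory, predict, confirm predictions against later detections, feed unconfirmed predictions back as false positives) can be shown end to end in a few dozen lines. The following is an added illustration, not code from the paper: the host inventory, alert windows and detection records are constructed sample data, and the paper's neural network plus boosting model is replaced by a single online perceptron so that the incremental update is visible in plain Python.

```python
"""Added illustration of the false-positive-adaptive (FPA) prediction loop.
The model is an online perceptron standing in for the paper's NN + boosting;
all hosts, alerts and detections below are constructed sample data."""
from dataclasses import dataclass


@dataclass
class Alert:
    host: str       # target host reported by the IDS
    service: str    # service the alert signature applies to, e.g. "http"
    severity: int   # 1 (low) .. 3 (high)


# Constructed host inventory: services that actually run on each host.
HOST_INVENTORY = {
    "10.0.0.5": {"ssh", "http"},
    "10.0.0.9": {"ssh"},
}


def filter_alerts(alerts, inventory):
    """Training-side step from the abstract: drop alerts about a service the
    target host does not run, since the IDS signature cannot apply there."""
    return [a for a in alerts if a.service in inventory.get(a.host, set())]


def features(alerts):
    """Feature vector for one time window: bias term plus alert count per severity."""
    vec = [1.0, 0.0, 0.0, 0.0]
    for a in alerts:
        vec[a.severity] += 1.0
    return vec


class OnlinePredictor:
    """Online perceptron: predict() is True when an incident is expected in the next window."""

    def __init__(self, lr=0.1):
        self.w = [0.0] * 4
        self.lr = lr

    def score(self, x):
        return sum(wi * xi for wi, xi in zip(self.w, x))

    def predict(self, x):
        return self.score(x) > 0

    def update(self, x, label):
        """Incremental learning step: adjust weights only when the window was misclassified."""
        y = 1 if label else -1
        if y * self.score(x) <= 0:
            self.w = [wi + self.lr * y * xi for wi, xi in zip(self.w, x)]
            return True
        return False


def run_loop(model, windows, inventory):
    """Each window is (alerts seen now, detections reported in the next window).
    A prediction with no following detection is a false positive and is fed
    back to the model as a negative sample; a confirmed one is a true positive."""
    false_pos = true_pos = 0
    for raw_alerts, next_detections in windows:
        x = features(filter_alerts(raw_alerts, inventory))
        predicted = model.predict(x)
        confirmed = len(next_detections) > 0
        if predicted and not confirmed:
            false_pos += 1
        elif predicted and confirmed:
            true_pos += 1
        model.update(x, confirmed)
    return false_pos, true_pos


def build_demo_windows():
    """Constructed sequence: real http activity on 10.0.0.5, then noise aimed at
    an http service 10.0.0.9 does not run (filtered away), then real activity again."""
    real = [Alert("10.0.0.5", "http", 3), Alert("10.0.0.5", "http", 3)]
    noise = [Alert("10.0.0.9", "http", 3)] * 3 + [Alert("10.0.0.9", "ssh", 1)]
    return [
        (real, ["ids: exploit attempt confirmed on 10.0.0.5"]),
        (noise, []),        # prediction here is unconfirmed -> false positive, model corrected
        (noise, []),        # after correction the same pattern is no longer predicted
        (real, ["ids: exploit attempt confirmed on 10.0.0.5"]),
    ]


def run_demo():
    model = OnlinePredictor()
    fp, tp = run_loop(model, build_demo_windows(), HOST_INVENTORY)
    return fp, tp


if __name__ == "__main__":
    print("false positives: %d, true positives: %d" % run_demo())
```

The second noise window is the point of the method: the unconfirmed prediction from the first noise window pushed the weight on low-severity alerts negative, so the identical pattern no longer triggers a prediction, while the confirmed high-severity pattern is still predicted.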
