Abstract

The concurrent reductions of true and false positives in Intrusion Detection Systems are exploitable avenues for attacks to succeed for a number of reasons. Firstly, intrusion detectors can concurrently generate numerous false positives with true positives. Secondly, intrusion aggregation models that are designed to reduce alerts workload reduce clusters of true and false positives at the same rate because the reduction of alert redundancies is not separated from that of false positives. Consequently, there are growing rate of computer attacks despite the inclusion of network detectors on the networks. Therefore, this paper presents a model to investigate these problems. The model consisted of two cooperative components of clustering rules that respectively eliminated redundancies and false positives. Evaluations with series of synthetic and realistic datasets have demonstrated how network analysts could significantly reduce false positive and redundancies in realistic networks and how to promptly thwart ongoing attacks.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.