M Moghimi
Hybrid rule threshold adjustment system for intrusion detection
Moghimi, M; Saraee, MH
Abstract
Generally, multiple IDSs generates huge volume of alerts every minute and to manage these alerts, rule-based alert management systems are very important. It is critical to keep the rules inside these systems updated, based on the ever changing network environment. Rule Threshold Adjustment is the solution to this problem and it is able to keep the rules updated. Rule Threshold Adjustment tunes the internal thresholds and keeps the structure unchanged. In this paper, we propose a hybrid threshold Adjustment framework by combining both the online and offline adjustment module together. This hybrid adjustment will be more robust and efficient in adjustment the threshold in real time and to keep the threshold fine-adjusted. The online module should work in real time to adjust the thresholds, whereas the offline module will be using some parts of the recent alerts to adjust the thresholds. We have implemented this method and evaluated it using real-world datasets. Our approach was successfully able to adjust the rules in all the cases with marginal error
Citation
Moghimi, M., & Saraee, M. (2011, September). Hybrid rule threshold adjustment system for intrusion detection. Presented at The 8th International ISC Conference on Information Security and Cryptology (ISCISC 2011), September 14-15, 2011 - Ferdowsi University of Mashhad,, Mashhad, Iran
Presentation Conference Type | Other |
---|---|
Conference Name | The 8th International ISC Conference on Information Security and Cryptology (ISCISC 2011), September 14-15, 2011 - Ferdowsi University of Mashhad, |
Conference Location | Mashhad, Iran |
Start Date | Sep 14, 2011 |
End Date | Sep 15, 2011 |
Publication Date | Sep 14, 2011 |
Deposit Date | Aug 30, 2013 |
Book Title | 2011 8th International ISC Conference on Information Security and Cryptology |
DOI | https://doi.org/10.1109/ISCISC.2011.6062342 |
Publisher URL | http://dx.doi.org/10.1109/ISCISC.2011.6062342 |
Related Public URLs | http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=6062342 |
Additional Information | Event Type : Conference Funders : Sepehr S. T. Co. Ltd, Tehran, Iran |
You might also like
Optimizing the Parameters of Relay Selection Model in D2D Network
(2024)
Conference Proceeding
Multiclass Classification and Defect Detection of Steel tube using modified YOLO
(2023)
Conference Proceeding
Downloadable Citations
About USIR
Administrator e-mail: library-research@salford.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search