M Moghimi
Hybrid rule threshold adjustment system for intrusion detection
Moghimi, M; Saraee, MH
Abstract
Generally, multiple IDSs generate a huge volume of alerts every minute, and rule-based alert management systems are very important for managing these alerts. It is critical to keep the rules inside these systems updated as the network environment changes. Rule Threshold Adjustment is the solution to this problem: it keeps the rules updated by tuning their internal thresholds while leaving their structure unchanged. In this paper, we propose a hybrid threshold adjustment framework that combines an online and an offline adjustment module. This hybrid adjustment will be more robust and efficient in adjusting the thresholds in real time and keeping them fine-adjusted. The online module should work in real time to adjust the thresholds, whereas the offline module will use some parts of the recent alerts to adjust the thresholds. We have implemented this method and evaluated it using real-world datasets. Our approach was successfully able to adjust the rules in all the cases with marginal error.
Citation
Moghimi, M., & Saraee, M. (2011, September). Hybrid rule threshold adjustment system for intrusion detection. Presented at The 8th International ISC Conference on Information Security and Cryptology (ISCISC 2011), September 14-15, 2011 - Ferdowsi University of Mashhad, Mashhad, Iran
Presentation Conference Type | Other |
---|---|
Conference Name | The 8th International ISC Conference on Information Security and Cryptology (ISCISC 2011), September 14-15, 2011 - Ferdowsi University of Mashhad |
Conference Location | Mashhad, Iran |
Start Date | Sep 14, 2011 |
End Date | Sep 15, 2011 |
Publication Date | Sep 14, 2011 |
Deposit Date | Aug 30, 2013 |
Book Title | 2011 8th International ISC Conference on Information Security and Cryptology |
DOI | https://doi.org/10.1109/ISCISC.2011.6062342 |
Publisher URL | http://dx.doi.org/10.1109/ISCISC.2011.6062342 |
Related Public URLs | http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=6062342 |
Additional Information | Event Type: Conference; Funders: Sepehr S. T. Co. Ltd, Tehran, Iran |