M Moghimi
A new framework for online rule threshold adjustment in intrusion detection
Moghimi, M; Saraee, MH
Abstract
Generally, rule-based systems work to make sense of a large volume of alerts generated by the intrusion detection systems (IDSs) every minute. Hence, it is very significant to verify that these systems are error-free and that the rules are suitable for the current network. This topic is addressed by Rule Adjustment, which automatically adjusts the rules based on the current network environment. The problem with the rule adjustment is to adjust the internal thresholds and to keep the structure unchanged. In this paper, we propose a method for adjusting the rules, online. This method does the threshold adjustment without changing the structure of the rules. Here, our approach for online threshold adjustment is to monitor the alerts and detect constant changes in them. And then, we adjust the appropriate thresholds. We have implemented this method and evaluated it using real-world datasets. Our approach was successfully able to adjust the rules in all the cases with marginal error.
Citation
Moghimi, M., & Saraee, M. (2011, June). A new framework for online rule threshold adjustment in intrusion detection. Presented at 2011 CSI International Symposium on Computer Science and Software Engineering (CSSE), Tehran
| Presentation Conference Type | Other |
|---|---|
| Conference Name | 2011 CSI International Symposium on Computer Science and Software Engineering (CSSE) |
| Conference Location | Tehran |
| Start Date | Jun 15, 2011 |
| End Date | Jun 16, 2011 |
| Online Publication Date | Jul 29, 2011 |
| Publication Date | Jul 29, 2011 |
| Deposit Date | Aug 30, 2013 |
| Book Title | 2011 CSI International Symposium on Computer Science and Software Engineering (CSSE) |
| DOI | https://doi.org/10.1109/CSICSSE.2011.5963992 |
| Publisher URL | http://dx.doi.org/10.1109/CSICSSE.2011.5963992 |
| Related Public URLs | http://ieeexplore.ieee.org/xpl/mostRecentIssue.jsp?punumber=5955056 |
| Additional Information | Event Type : Conference Funders : Sepehr S. T. Co. Ltd, Tehran, Iran |
You might also like
Optimizing the Parameters of Relay Selection Model in D2D Network
(2024)
Conference Proceeding
Multiclass Classification and Defect Detection of Steel tube using modified YOLO
(2023)
Conference Proceeding
Downloadable Citations
About USIR
Administrator e-mail: library-research@salford.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search