A new framework for online rule threshold adjustment in intrusion detection
Moghimi, MM and Saraee, M 2011, A new framework for online rule threshold adjustment in intrusion detection, in: The 2011 IEEE CSI International Symposium on Computer Science and Software Engineering (CSSE-2011), June 15-16, 2011, Tehran, Iran.
Generally, rule-based systems work to make sense of the large volume of alerts generated by intrusion detection systems (IDSs) every minute. Hence, it is very important to verify that these systems are error-free and that the rules are suitable for the current network. This topic is addressed by Rule Adjustment, which automatically adjusts the rules based on the current network environment. The problem in rule adjustment is to adjust the internal thresholds while keeping the structure unchanged. In this paper, we propose a method for adjusting the rules online. This method performs the threshold adjustment without changing the structure of the rules. Our approach to online threshold adjustment is to monitor the alerts, detect constant changes in them, and then adjust the appropriate thresholds. We have implemented this method and evaluated it using real-world datasets. Our approach was successful.
Item Type: Conference or Workshop Item (Paper)
Themes: Media, Digital Technology and the Creative Economy
Schools: Colleges and Schools > College of Science & Technology > School of Computing, Science and Engineering > Data Mining and Pattern Recognition Research Centre
Journal or Publication Title: Proceedings of the 2011 CSI International Symposium on Computer Science and Software Engineering (CSSE-2011), June 15-16, 2011, Sharif University of Technology, Tehran, Iran.
Depositing User: Dr Mo Saraee
Date Deposited: 03 Nov 2011 15:24
Last Modified: 03 Nov 2011 15:24