Research Article
A Simple Method for Improving Intrusion Detections in Corporate Networks
@INPROCEEDINGS{10.1007/978-3-642-11530-1_13, author={Joshua Nehinbe}, title={A Simple Method for Improving Intrusion Detections in Corporate Networks}, proceedings={Information Security and Digital Forensics. First International Conference, ISDF 2009, London, United Kingdom, September 7-9, 2009, Revised Selected Papers}, proceedings_a={ISDF}, year={2012}, month={5}, keywords={Redundancy probing attacks correlation aggregation equivalent alerts and unique alerts}, doi={10.1007/978-3-642-11530-1_13} }- Joshua Nehinbe
Year: 2012
A Simple Method for Improving Intrusion Detections in Corporate Networks
ISDF
Springer
DOI: 10.1007/978-3-642-11530-1_13
Abstract
Intrusion redundancies are fundamental flaws of all intrusion detection systems. Over the years, these are frequently exploited by stealthy attackers to conceal network attacks because it is fundamentally difficult to discern false alerts from true positives in a massive dataset. Consequently, attacks that are concealed in massive datasets often go undetected. Accordingly, the jobs of system administrators and the return on investment on network intrusion detectors are often threatened. Therefore, this paper presents clustering method that we have designed to lessen these problems. We have broadly evaluated our method on six datasets that comprised of synthetic and realistic attacks. Alerts of each dataset were clustered into equivalent and unique alerts and a cluster of unique alerts was eventually synthesized from them. The results that we have obtained have indicated how system administrators could achieve substantial reduction of redundancies in corporate networks.