8th International Conference on Communications and Networking in China

Research Article

Towards Adaptive False Alarm Reduction Using Cloud as a Service

  • @INPROCEEDINGS{10.1109/ChinaCom.2013.6694633,
        author={Yuxin Meng and Wenjuan Li and Lam-For Kwok},
        title={Towards Adaptive False Alarm Reduction Using Cloud as a Service},
        proceedings={8th International Conference on Communications and Networking in China},
        publisher={IEEE},
        proceedings_a={CHINACOM},
        year={2013},
        month={11},
        keywords={intrusion detection, cloud environment, network performance, false alarm reduction},
        doi={10.1109/ChinaCom.2013.6694633}
    }
    
  • Yuxin Meng
    Wenjuan Li
    Lam-For Kwok
    Year: 2013
    Towards Adaptive False Alarm Reduction Using Cloud as a Service
    CHINACOM
    IEEE
    DOI: 10.1109/ChinaCom.2013.6694633
Yuxin Meng¹,*, Wenjuan Li², Lam-For Kwok¹
  • 1: Department of Computer Science, City University of Hong Kong
  • 2: Department of Computer Science, Zhaoqing Foreign Language College
*Contact email: ymeng8@student.cityu.edu.hk

Abstract

False alarms are a challenging issue for an intrusion detection system (IDS): they can significantly decrease the effectiveness of detection and heavily increase the burden of analyzing true alarms. With the advent of Cloud computing, there is a good opportunity to mitigate this problem in such a promising environment. In our previous work, we proposed constructing an intelligent false alarm filter by selecting an appropriate algorithm in an adaptive way, although the additional workload may be an issue for a computer. In this paper, we begin by introducing the Generic Cloud-based Intrusion Detection Architecture (GCIDA) used in our work, and we then propose a Cloud-based solution that improves false alarm reduction using Cloud as a Service (CaaS), which can adaptively reduce false alarms according to different IP sources. In addition, we describe the procedures and the interactions between the Cloud nodes and the Cloud provider. Experimental results indicate that CaaS can provide sufficient computing power and greatly reduce the workload of adaptive false alarm reduction.