Intrusion detection systems alerts reduction

New approach for forensics readiness

Aymen Akremi, Hassen Sallay, Mohsen Rouached

Research output: Chapter in Book/Report/Conference proceeding (Chapter)

Abstract

Investigators usually search for any kind of event related directly to an investigation case, both to limit the search space and to propose new hypotheses about the suspect. Intrusion detection systems (IDS) provide relevant information to forensics experts, since they detect attacks and automatically gather several pertinent features of the network at the moment of the attack. Thus, an IDS should be very effective in terms of detection accuracy for new, unknown attack signatures, without generating a huge number of false alerts in high-speed networks (HSN). This tradeoff between keeping high detection accuracy and not generating false alerts is today a big challenge. As an effort to deal with false alert generation, the authors propose a new intrusion alert classifier, named Alert Miner (AM), to classify intrusion alerts efficiently and in near real time in HSN. AM uses an outlier detection technique based on an adaptively deduced association rule set to classify the alerts automatically and without human assistance.

Original language: English
Title of host publication: Security and Privacy Management, Techniques, and Protocols
Publisher: IGI Global
Pages: 255-275
Number of pages: 21
ISBN (Electronic): 9781522555841
ISBN (Print): 1522555838, 9781522555834
DOIs: 10.4018/978-1-5225-5583-4.ch010
Publication status: Published - Apr 6 2018

Fingerprint

Miners
Intrusion detection
High speed networks
Association rules
Classifiers

ASJC Scopus subject areas

  • Computer Science (all)

Cite this

Akremi, A., Sallay, H., & Rouached, M. (2018). Intrusion detection systems alerts reduction: New approach for forensics readiness. In Security and Privacy Management, Techniques, and Protocols (pp. 255-275). IGI Global. https://doi.org/10.4018/978-1-5225-5583-4.ch010
