Intrusion detection systems alerts reduction: New approach for forensics readiness

Aymen Akremi, Hassen Sallay, Mohsen Rouached

Research output: Chapter in Book/Report/Conference proceedingChapter

1 Citation (Scopus)

Abstract

Investigators search usually for any kind of events related directly to an investigation case to both limit the search space and propose new hypotheses about the suspect. Intrusion detection system (IDS) provide relevant information to the forensics experts since it detects the attacks and gathers automatically several pertinent features of the network in the attack moment. Thus, IDS should be very effective in term of detection accuracy of new unknown attacks signatures, and without generating huge number of false alerts in high speed networks. This tradeoff between keeping high detection accuracy without generating false alerts is today a big challenge. As an effort to deal with false alerts generation, the authors propose new intrusion alert classifier, named Alert Miner (AM), to classify efficiently in near real-time the intrusion alerts in HSN. AM uses an outlier detection technique based on an adaptive deduced association rules set to classify the alerts automatically and without human assistance.

Original languageEnglish
Title of host publicationSecurity and Privacy Management, Techniques, and Protocols
PublisherIGI Global
Pages255-275
Number of pages21
ISBN (Electronic)9781522555841
ISBN (Print)1522555838, 9781522555834
DOIs
Publication statusPublished - Apr 6 2018

ASJC Scopus subject areas

  • Computer Science(all)

Fingerprint Dive into the research topics of 'Intrusion detection systems alerts reduction: New approach for forensics readiness'. Together they form a unique fingerprint.

  • Cite this

    Akremi, A., Sallay, H., & Rouached, M. (2018). Intrusion detection systems alerts reduction: New approach for forensics readiness. In Security and Privacy Management, Techniques, and Protocols (pp. 255-275). IGI Global. https://doi.org/10.4018/978-1-5225-5583-4.ch010