TAILIEUCHUNG - Proposing a new model to improve alert detection in intrusion detection systems

In this article, a method has been presented in which the above mentioned shortcoming will be reduced by semantic expansion of alerts’ information. We will show that semantic expansion of alerts’ information based on background knowledge before clustering step leads to a much better clustering. DARPA dataset is used to evaluate the proposed method. Alerts’ detection rate will be more than 96%, which is better than similar approaches. | International Journal of Computer Networks and Communications Security VOL. 5, NO. 4, APRIL 2017, 76–82 Available online at: E-ISSN 2308-9830 (Online) / ISSN 2410-0595 (Print) Proposing A New Model to Improve Alert Detection in Intrusion Detection Systems Behrooz Shahi Sheykhahmadloo1 and Samira Mehrnoosh2 1 Master of Software Engineering, Department of Computer Engineering, University of Isfahan, Isfahan, Iran 2 Master of Software Engineering, Department of Computer Engineering, University of Shiraz, Shiraz, Iran 1 sheykhahmadloobehrooz@, ABSTRACT Using Intrusion Detection Systems is essential in today's systems to detect cyber attacks. IDS identify undesirable behaviors by getting information from systems that are under their surveillance and give them to network analyst as an Alert. A summary view of network security status is obtained by clustering and labeling alerts. Detection and quality of alerts are the two primary challenges of these systems. The number of IDS alerts is too much that the network analyst can’t survey all of them. In this article, a method has been presented in which the above mentioned shortcoming will be reduced by semantic expansion of alerts’ information. We will show that semantic expansion of alerts’ information based on background knowledge before clustering step leads to a much better clustering. DARPA dataset is used to evaluate the proposed method. Alerts’ detection rate will be more than 96%, which is better than similar approaches. Keywords: Semantic Expansion of Alerts, Clustering Alerts, Intrusion Detection Systems. 1 INTRODUCTION Due to the widespread use of the Internet, internet attacks and unauthorized intrusions in recent years have grown substantially. Intrusion Detection Systems have been introduced to identify and reduce unauthorized intrusions. These systems identify undesirable behaviors by investigating network traffic and systems’ status. Then, give .

• An ninh - Bảo mật
• International Journal of Computer Networks and Communications Security
• Proposing a new model to improve alert detection
• Intrusion detection systems
• The proposed method
• Semantic expansion of alerts’ information
• Securing the sip communications with XML security mechanisms
• VoIP application awareness
• Question of confidentiality and integrity
• Client authentication and data confidentiality
• Proposing minimum performance of proposed topology
• Plateau State University
• Computer networks and Communications Security
• Performance evaluation of manet protocols in communications
• Management of robots in simulation modelling
• Manet protocols in communications
• End To End Delay
• Show network optimization rate including PDR
• Deployment of voip communications in B&A spy agency
• Design and implementation
• Voip communications in B&A spy agency
• VoIP simulated in OPNET
• Proposed architecture and protocol stack for improving QoS
• Wide vehicular communications
• Vehicle to Vehicle
• An enhanced data security with compression for manets
• Enhanced data security
• Self organizing networks
• Wireless local area network security enhancement through penetration testing
• WLANs to achieve
• The frame security
• The standard network security
• Increasing the lifetime of wireless sensor networks
• Selforganizing map algorithm
• Wireless sensor networks
• Self organizing map neural networks
• Cloud computing architecture
• Wireless sensor networks for agricultural applications
• Wireless sensor actor networks
• Adaptive scheme for outliers detection in wireless sensor networks
• The Quality of Service
• Given sensor networks
• Infrared sensor and FBUS technology
• House security system based on mobile phone
• House security system
• Secure the place
• Potential applications of linear wireless sensor networks
• Linear wireless sensor networks
• LWSN in various applications
• LWSN in network topology
• Time dependent finite state machine
• Method for intrusion detection in mobile ad hoc networks
• Mobile ad hoc networks
• Malicious behavior in AODV
• Performance analysis of multimedia traffic
• MPLS communication networks with traffic engineering
• MPLS communication networks
• Conventional IP network
• Inter cluster communication in wireless sensor networks
• Inter cluster communication
• Carrying out efficient diffusion
• Cluster merging and cluster diffusion
• An optimized model for transition from Ipv4 to Ipv6 networks
• Cloud computing environment
• Ipv4 to Ipv6 networks
• Identical traffic and network loads
• The optical communications
• Simulating an optical high debit transmission chain
• Optisystem with comparison of optical windows
• Comparison of optical windows
• New unicast routing algorithm for load balancing
• Multigateway wireless mesh networks
• Negative percent algorithms
• Wireless mesh networks
• Detection of service attack
• Defense against distributed denial of service attack
• Packet filtration in wireless sensor networks
• An advance security technique challenges to government
• Wireless sensor network for health
• Emphasize ongoing treatment challenges
• Wireless sensor network
• Medical information systems
• The security of information in financial transactions via mobile
• Financial transactions via mobile
• Implement a particular algorithm
• A comprehensive approach to security requirements engineering
• Incorporating the strengths
• Best practices found
• Evaluation of security function of flipora plug in on browsers
• Flipora plug in on browsers
• Plug in in upon
• Flipora plug in
• Multi perspective analysis framework
• Multi level analysis framework
• Network security situational awareness
• Multi data analyzing researc
• Improving security and performance in the tor network
• The tor network
• IP hidden in the server