A False Alert Reduction And An Alert Score Assessment Framework For Intrusion Alerts
| Field | Value |
|---|---|
| Main Author | Al-Saedi, Karim Hashim Kraidi |
| Format | Thesis |
| Language | English |
| Published | 2013 |
| Subjects | QA75.5-76.95 Electronic computers. Computer science |
| Online Access | http://eprints.usm.my/43512/1/Karim%20Hashim%20Kraidi%20Al-Saedi24.pdf |
Description:

The Alert Detection Engine (ADE) is a powerful network security system that is used to secure computer networks. ADE can detect security breaches which other forms of security measures are unable to uncover. Yet, it still suffers from the problem of generating huge amounts of alerts that are mostly false positives. Each ADE generates a large number of alerts, where some are real and the others are not (i.e. false or redundant alerts). Consequently, this increases the ambiguity among the decision makers as they conduct assessments of alerts. In particular, real alerts of ADE are not classified based on the magnitude of the threat they pose. Therefore, it is difficult for the security analyst to identify attacks and take remedial action against their threats, making it necessary to categorize the magnitude of each threat. For this reason, it becomes necessary to categorize the degrees of threat using data mining techniques, especially where huge data are involved. Several reduction and assessment approaches have been proposed to solve these problems; however, they are unable to address many other problems related to ADE.

This thesis proposes a new framework called A False Alert Reduction and an Alert Score Assessment Framework for Intrusion Alerts. The objectives of using this framework are to reduce the false alerts and to assess such alerts and examine their threat scores. This work aims to provide a full understanding of the network attacks as well as ease the process for the analysts and save their time. The framework is a standalone system that can work online and offline. It combines the following algorithms: the first algorithm is the New Alert Reduction (NAR) algorithm, which removes redundancy from the alert file and reduces the false positives.

Repository record: http://eprints.usm.my/43512/

| Field | Value |
|---|---|
| id | my-usm-ep.43512 |
| record_format | uketd_dc |
| institution | Universiti Sains Malaysia |
| collection | USM Institutional Repository |
| language | English |
| topic | QA75.5-76.95 Electronic computers. Computer science |
| format | Thesis |
| qualification_name | Doctor of Philosophy (PhD.) |
| qualification_level | Doctorate |
| author | Al-Saedi, Karim Hashim Kraidi |
| title | A False Alert Reduction And An Alert Score Assessment Framework For Intrusion Alerts |
| granting_institution | Universiti Sains Malaysia |
| granting_department | Pusat Pengajian Sains Komputer |
| publishDate | 2013 |
| url | http://eprints.usm.my/43512/1/Karim%20Hashim%20Kraidi%20Al-Saedi24.pdf |