A NOVEL APPROACH OF ALARM CLASSIFICATION FOR INTRUSION DETECTION BASED UPON DEMPSTER-SHAFER THEORY

Guangsheng Feng, Huiqiang Wang, Qian Zhao

Abstract

As the number of alarms generated by intrusion detection systems (IDS) keeps growing, automatic classification tools have been proposed to cope with this huge volume of alarms. In addition, it has been shown that accurate classification requires evidence from different sources, such as different IDSs. Furthermore, Dempster-Shafer theory is a powerful tool for dealing with uncertain information. This paper proposes a multiple-level classification model that aims to classify large volumes of alarms exactly. Experimental results show that this approach has an outstanding classification capability; in particular, it is quite effective in avoiding alarms being grouped into the wrong classes when evidence is scarce.
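The evidence-combination step the abstract relies on, as an added illustration that is not the paper's own code: Dempster's rule fuses the basic probability assignments of two hypothetical IDS sensors over a two-class frame, and the classifier abstains while too much mass still rests on the whole frame (the "short of evidence" case). The sensor masses and the 0.7 belief threshold are constructed for the example.

```python
# Added example, not the paper's code. Frame of discernment Theta: an alarm is
# either a real attack or a false positive. Mass on Theta itself means "the
# sensor does not know", which is how insufficient evidence is represented.
from itertools import product

ATTACK = frozenset({"attack"})
FP = frozenset({"false_positive"})
THETA = ATTACK | FP

# Constructed basic probability assignments from two hypothetical sensors.
SENSOR_A = {ATTACK: 0.6, THETA: 0.4}            # e.g. a signature IDS, fairly sure
SENSOR_B = {ATTACK: 0.5, FP: 0.1, THETA: 0.4}   # e.g. an anomaly IDS, less sure

def combine(m1, m2):
    """Dempster's rule: m(A) = sum_{B & C = A} m1(B) m2(C) / (1 - K),
    where K is the total mass of conflicting (disjoint) pairs."""
    combined, conflict = {}, 0.0
    for (b, mb), (c, mc) in product(m1.items(), m2.items()):
        a = b & c
        if not a:                      # B and C are disjoint: this is conflict
            conflict += mb * mc
        else:
            combined[a] = combined.get(a, 0.0) + mb * mc
    if conflict >= 1.0:
        raise ValueError("total conflict: sources cannot be combined")
    return {a: v / (1.0 - conflict) for a, v in combined.items()}, conflict

def belief(m, hyp):
    """Bel(H): mass of every focal element fully contained in H."""
    return sum(v for a, v in m.items() if a <= hyp)

def plausibility(m, hyp):
    """Pl(H): mass of every focal element that intersects H."""
    return sum(v for a, v in m.items() if a & hyp)

def classify(m, threshold=0.7):
    """Pick the singleton class with the highest belief, but only commit to it
    when that belief clears the threshold; otherwise return None (abstain)."""
    best = max((ATTACK, FP), key=lambda h: belief(m, h))
    return next(iter(best)) if belief(m, best) >= threshold else None

if __name__ == "__main__":
    print("sensor A alone:", classify(SENSOR_A))          # None: evidence too thin
    fused, k = combine(SENSOR_A, SENSOR_B)
    print("conflict K =", round(k, 3), "fused:", {tuple(a): round(v, 3) for a, v in fused.items()})
    print("fused verdict:", classify(fused))             # attack
```

With sensor A alone 0.4 of the mass sits on Theta, so the classifier abstains rather than guess; after fusion the mass on Theta shrinks and the attack class clears the threshold.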

Paper Citation


in Harvard Style

Feng G., Wang H. and Zhao Q. (2007). A NOVEL APPROACH OF ALARM CLASSIFICATION FOR INTRUSION DETECTION BASED UPON DEMPSTER-SHAFER THEORY. In Proceedings of the Third International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 978-972-8865-77-1, pages 234-239. DOI: 10.5220/0001279902340239


in Bibtex Style

@conference{webist07,
author={Guangsheng Feng and Huiqiang Wang and Qian Zhao},
title={A NOVEL APPROACH OF ALARM CLASSIFICATION FOR INTRUSION DETECTION BASED UPON DEMPSTER-SHAFER THEORY},
booktitle={Proceedings of the Third International Conference on Web Information Systems and Technologies - Volume 1: WEBIST},
year={2007},
pages={234-239},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001279902340239},
isbn={978-972-8865-77-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Third International Conference on Web Information Systems and Technologies - Volume 1: WEBIST
TI - A NOVEL APPROACH OF ALARM CLASSIFICATION FOR INTRUSION DETECTION BASED UPON DEMPSTER-SHAFER THEORY
SN - 978-972-8865-77-1
AU - Feng G.
AU - Wang H.
AU - Zhao Q.
PY - 2007
SP - 234
EP - 239
DO - 10.5220/0001279902340239