A NEW REDUCTION METHOD OF INTRUSION DETECTION FALSE ALERTS USING SNORT
Ben Soh, Daniel Bonello
2004
Abstract
In this paper, we propose a new approach to reducing the high levels of false positives encountered when deploying an intrusion detection system using Snort in a live networking environment. We carry out an analysis of the effectiveness of this method in different networking environments. We conclude that the level of false positives is reduced considerably with the introduction of our implemented pass rules and that the rates at which false positives are generated become manageable.
Paper Citation
in Harvard Style
Soh B. and Bonello D. (2004). A NEW REDUCTION METHOD OF INTRUSION DETECTION FALSE ALERTS USING SNORT. In Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 2: ICETE, ISBN 972-8865-15-5, pages 46-53. DOI: 10.5220/0001397300460053
in Bibtex Style
@conference{icete04,
author={Ben Soh and Daniel Bonello},
title={A NEW REDUCTION METHOD OF INTRUSION DETECTION FALSE ALERTS USING SNORT},
booktitle={Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 2: ICETE},
year={2004},
pages={46-53},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001397300460053},
isbn={972-8865-15-5},
}