Reducing IDS False Positives Using Incremental Stream Clustering Algorithm
Project: MONDIS
Number of Authors: 1
2009 (English). Independent thesis, Advanced level (degree of Master (Two Years)). Student thesis.
Abstract [en]

Along with cryptographic protocols and digital signatures, Intrusion Detection Systems (IDS) are considered the last line of defense for securing a network. The main problem with today's most popular commercial IDSs is that they generate a huge number of false positive alerts alongside the true positive alerts, which makes it a cumbersome task for the operator to investigate them in order to initiate proper responses. There is therefore a great demand to explore this area of research and to find a feasible solution. In this thesis, we have chosen this problem as our main area of research. We have tested the effectiveness of the Incremental Stream Clustering Algorithm in reducing the number of false alerts in IDS output. The algorithm was tested on the output of one of the most popular open source network-based IDSs, Snort, which was configured in playback mode to analyse the DARPA 1999 network traffic dataset. Our approach was evaluated and compared with the K-Nearest Neighbor algorithm. The results show that the Incremental Stream Clustering Algorithm reduces the number of false alarms (by more than 99%) more than the K-Nearest Neighbor algorithm does (93%).

Place, publisher, year, edition, pages
2009, edition 1, 53 p.
Keyword [en]
Intrusion detection system, False positive alert, Incremental Stream Clustering algorithm, DARPA 1999 network traffic dataset
National Category
Computer and Information Science
Identifiers
URN: urn:nbn:se:ri:diva-23502
OAI: oai:DiVA.org:ri-23502
DiVA: diva2:1042578
Projects
MONDIS
Available from: 2016-10-31. Created: 2016-10-31. Bibliographically approved.

Open Access in DiVA

No full text