Abstract
Well-known network-based intrusion detection and prevention techniques, such as misuse detection, are widely deployed. However, because a misuse-detection-based intrusion prevention system depends directly on its detection rules, it produces an excessively large number of false alarms, which in turn lead to wrong responses. This study proposes an intrusion prevention system that combines a rule-based intrusion prevention system with an anomaly detection system built on multi-class Support Vector Machines (SVM) in order to solve these problems. When the proposed scheme is compared with an existing intrusion prevention system, it shows a performance improvement of about 20% and minimizes false positives while effectively detecting new variant attacks.
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, GH., Lee, HW. (2006). SVM Based False Alarm Minimization Scheme on Intrusion Prevention System. In: Gavrilova, M.L., et al. Computational Science and Its Applications - ICCSA 2006. ICCSA 2006. Lecture Notes in Computer Science, vol 3984. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11751649_31
DOI: https://doi.org/10.1007/11751649_31
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34079-9
Online ISBN: 978-3-540-34080-5
eBook Packages: Computer Science (R0)