Applying Packet based Machine Learning Algorithm to Misuse IDS for Better Performance


The KIPS Transactions:PartC, Vol. 11, No. 3, pp. 301-308, Jun. 2004
DOI: 10.3745/KIPSTC.2004.11.3.301

Abstract

Misuse IDS is known to have acceptable accuracy but suffers from a high rate of false alarms. We show a behavior-based alarm reduction using a memory-based machine learning technique. Our extended form of IBL (XIBL) examines each SNORT alarm signal to decide whether it is worth forwarding to the security manager. An experiment shows that there is an apparent difference between true alarms and false alarms with respect to XIBL behavior. This gives clear evidence that, although an attack in the network consists of a sequence of packets, decisions over individual packets can be used in conjunction with misuse IDS for better performance.



Cite this article
[IEEE Style]
I. Y. Weon, D. H. Song, C. H. Lee, "Applying Packet based Machine Learning Algorithm to Misuse IDS for Better Performance," The KIPS Transactions:PartC, vol. 11, no. 3, pp. 301-308, 2004. DOI: 10.3745/KIPSTC.2004.11.3.301.

[ACM Style]
Ill Young Weon, Doo Heon Song, and Chang Hoon Lee. 2004. Applying Packet based Machine Learning Algorithm to Misuse IDS for Better Performance. The KIPS Transactions:PartC, 11, 3, (2004), 301-308. DOI: 10.3745/KIPSTC.2004.11.3.301.