Using Outlier Detection to Reduce False Positives in Intrusion Detection

Author(s):  
Fu Xiao ◽  
Xie Li

Intrusion Detection Systems (IDSs) are widely deployed as unauthorized activities and attacks increase. However, they often overload security managers by triggering thousands of alerts per day, and up to 99% of these alerts are false positives (i.e. alerts that are triggered incorrectly by benign events). This makes it extremely difficult for managers to correctly analyze the security state and react to attacks. In this chapter the authors describe a novel system for reducing false positives in intrusion detection, called ODARM (an Outlier Detection-Based Alert Reduction Model). Their model is based on a new data mining technique, outlier detection, which needs no labeled training data, no domain knowledge and little human assistance. The main idea of their method is to use frequent attribute values mined from historical alerts as the features of false positives, and then to filter false alerts by a score calculated from these features. In order to filter alerts in real time, they also design a two-phase framework that consists of a learning phase and an online filtering phase. They have finished the prototype implementation of their model, and through experiments on DARPA 2000 they have shown that the model can effectively reduce false positives in IDS alerts. On a real-world dataset, their model achieves an even higher reduction rate.


Data ◽  
2020 ◽  
Vol 6 (1) ◽  
pp. 1
Author(s):  
Ahmed Elmogy ◽  
Hamada Rizk ◽  
Amany M. Sarhan

In data mining, outlier detection is a major challenge, as it plays an important role in many applications such as medical data, image processing, fraud detection, intrusion detection, and so forth. An extensive variety of clustering-based approaches have been developed to detect outliers. However, they are by nature time consuming, which restricts their utilization in real-time applications. Furthermore, outlier detection requests are handled one at a time, which means that each request is initiated individually with a particular set of parameters. In this paper, the first clustering-based outlier detection framework, On the Fly Clustering Based Outlier Detection (OFCOD), is presented. OFCOD enables analysts to effectively find outliers on demand, even within huge datasets. The proposed framework has been tested and evaluated using two real-world datasets with different features and applications; one with 699 records, and another with five million records. The experimental results show that the proposed framework outperforms other existing approaches when considering several evaluation metrics.


2019 ◽  
Vol 9 (6) ◽  
pp. 1154 ◽  
Author(s):  
Ganjar Alfian ◽  
Muhammad Syafrudin ◽  
Bohan Yoon ◽  
Jongtae Rhee

Radio frequency identification (RFID) is an automated identification technology that can be utilized to monitor product movements within a supply chain in real-time. However, one problem that occurs during RFID data capturing is false positives (i.e., tags that are accidentally detected by the reader but not of interest to the business process). This paper investigates using machine learning algorithms to filter false positives. Raw RFID data were collected based on various tagged product movements, and statistical features were extracted from the received signal strength derived from the raw RFID data. Abnormal RFID data or outliers may arise in real cases. Therefore, we utilized outlier detection models to remove outlier data. The experiment results showed that machine learning-based models successfully classified RFID readings with high accuracy, and integrating outlier detection with machine learning models improved classification accuracy. We demonstrated the proposed classification model could be applied to real-time monitoring, ensuring false positives were filtered and hence not stored in the database. The proposed model is expected to improve warehouse management systems by monitoring delivered products to other supply chain partners.


Author(s):  
Cheng-Yuan Ho ◽  
Ying-Dar Lin ◽  
Yuan-Cheng Lai ◽  
I-Wei Chen ◽  
Fu-Yu Wang ◽  
...  

2012 ◽  
Vol 2012 ◽  
pp. 1-10 ◽  
Author(s):  
S. Ganapathy ◽  
P. Yogesh ◽  
A. Kannan

Intrusion detection systems have been used in the past, along with various techniques, to detect intrusions in networks effectively. However, most of these systems are able to detect intruders only with a high false alarm rate. In this paper, we propose a new intelligent agent-based intrusion detection model for mobile ad hoc networks using a combination of attribute selection, outlier detection, and enhanced multiclass SVM classification methods. For this purpose, an effective preprocessing technique is proposed that improves the detection accuracy and reduces the processing time. Moreover, two new algorithms, namely an Intelligent Agent Weighted Distance Outlier Detection algorithm and an Intelligent Agent-based Enhanced Multiclass Support Vector Machine algorithm, are proposed for detecting intruders in a distributed database environment that uses intelligent agents for trust management and coordination in transaction processing. The experimental results of the proposed model show that this system detects anomalies with a low false alarm rate and a high detection rate when tested with the KDD Cup 99 data set.


2014 ◽  
Vol 644-650 ◽  
pp. 3338-3341 ◽  
Author(s):  
Guang Feng Guo

During the 30-year development of the Intrusion Detection System, problems such as the high false-positive rate have always plagued users. Therefore, the ontology and context verification based intrusion detection model (OCVIDM) was put forward to connect the description of attack signatures and context effectively. The OCVIDM established a knowledge base of the intrusion detection ontology, regarded as the center of an efficient filtering platform for false alerts, to realize automatic validation of alarms and automatic judgment of real attacks, so as to achieve the goal of filtering non-relevant positive alerts and reducing false positives.

