False alarm reduction in signature‐based IDS: game theory approach. Issue 18 (8th November 2016)
- Record Type:
- Journal Article
- Title:
- False alarm reduction in signature‐based IDS: game theory approach. Issue 18 (8th November 2016)
- Main Title:
- False alarm reduction in signature‐based IDS: game theory approach
- Authors:
- Subba, Basant
Biswas, Santosh
Karmakar, Sushanta
- Abstract:
- Signature-based intrusion detection systems (IDSs) are employed to monitor computer networks for signs of network intrusions. However, they produce a large number of false positive alarms when operated with default settings without considering the underlying network environment. Inundation of false alarms is the Achilles heel of IDS technology, which could render the IDS ineffective in detecting network attacks. Several false alarm minimization approaches have been proposed in the literature. However, there are many drawbacks associated with these works, namely, modification of well-established attack signatures; heavy dependence on the attack signatures' reference numbers, which might not always be available; and non-consideration of the underlying network context information. In this paper, we propose an efficient game theory-based false alarm minimization scheme for signature-based IDS. The proposed scheme uses a game theory-based correlation engine to correlate IDS alarms with network vulnerabilities to minimize the overall false positive alarm rate of the IDS. Experimental results and comparison analysis of the proposed false alarm minimization framework with other frameworks on the benchmark DARPA intrusion detection evaluation dataset and an in-house IIT Guwahati Lab dataset show that the proposed scheme achieves the highest accuracy among all the frameworks under consideration without degrading the overall detection rate of the IDS. Copyright © 2016 John Wiley & Sons, Ltd.
- Abstract:
- Signature-based intrusion detection systems produce a large number of false positive alarms when operated with default settings. In this paper, we propose an efficient game theory-based false alarm minimization scheme for signature-based IDS that uses a correlation engine to correlate IDS alarms with network vulnerabilities to minimize the overall false positive alarm rate of the IDS. Experimental results show that the proposed scheme achieves high accuracy without degrading the overall detection rate of the IDS.
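The abstract describes correlating IDS alarms with the vulnerabilities of the targeted hosts, and evaluating the result by accuracy and detection rate (the TP/FP/FN terms listed under Subjects). The following is an added illustration, not code from the paper: it applies a plain rule-based alarm-to-inventory correlation (the paper's game-theoretic engine is not reproduced here) and reports TP/FP/FN/TN, accuracy and detection rate for a default "report everything" baseline against the context-aware policy. Signature ids, vulnerability tags, hosts and the alarm stream are all constructed. Signature 1003 has no vulnerability reference on purpose, the case the abstract flags as a weakness of earlier work, and the policy falls back to service exposure there rather than suppressing the alarm.

```python
"""Vulnerability-context correlation of signature-based IDS alarms.

Added illustration for the abstract above: a rule-based correlation of alarms
against a host inventory, evaluated with TP/FP/FN/TN counts, accuracy and
detection rate. It is NOT the paper's game-theoretic correlation engine;
signature ids, vulnerability tags, hosts and alarms are all constructed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Alarm:
    sid: int            # signature id (constructed)
    dst: str            # target host of the flow that fired the signature
    is_attack: bool     # ground-truth label from the evaluation data (constructed)


# Constructed signature metadata: port the signature targets and, where one is
# available, the vulnerability tag it corresponds to. Signature 1003 deliberately
# carries no reference number, the case the abstract warns about.
SIGNATURES: Dict[int, dict] = {
    1001: {"port": 80,  "vuln": "VULN-A"},
    1002: {"port": 445, "vuln": "VULN-B"},
    1003: {"port": 22,  "vuln": None},
}

# Constructed host inventory: open ports and known, unpatched vulnerability tags.
INVENTORY: Dict[str, dict] = {
    "10.0.0.5": {"ports": {80},  "vulns": {"VULN-A"}},
    "10.0.0.6": {"ports": {80},  "vulns": set()},      # same service, patched
    "10.0.0.7": {"ports": {22},  "vulns": set()},
    "10.0.0.8": {"ports": {445}, "vulns": {"VULN-B"}},
}

# Constructed alarm stream with ground truth.
ALARMS: List[Alarm] = [
    Alarm(1001, "10.0.0.5", True),    # exploit against a vulnerable web host
    Alarm(1001, "10.0.0.6", False),   # benign trigger, host patched
    Alarm(1001, "10.0.0.7", False),   # benign trigger, host runs no web server
    Alarm(1002, "10.0.0.8", True),    # exploit against a vulnerable SMB host
    Alarm(1002, "10.0.0.5", False),   # benign trigger, no SMB on host
    Alarm(1003, "10.0.0.7", True),    # attack on SSH; signature has no vuln reference
    Alarm(1003, "10.0.0.5", False),   # benign trigger, no SSH on host
    Alarm(1002, "10.0.0.8", False),   # benign trigger on a host that IS vulnerable
]


def raise_all(alarm: Alarm) -> bool:
    """Baseline policy: default IDS settings, every alarm is reported."""
    return True


def correlate(alarm: Alarm) -> bool:
    """Context policy: report the alarm only if the target host can be affected.

    Unknown hosts are always reported (no context means no grounds to suppress).
    If the signature carries no vulnerability reference, fall back to service
    exposure alone rather than suppressing, so the missing reference number
    cannot silently turn a true positive into a false negative.
    """
    sig = SIGNATURES[alarm.sid]
    host = INVENTORY.get(alarm.dst)
    if host is None:
        return True
    if sig["port"] not in host["ports"]:
        return False                      # targeted service is not even exposed
    if sig["vuln"] is None:
        return True                       # no reference number: exposure decides
    return sig["vuln"] in host["vulns"]   # exposed and known vulnerable


def evaluate(alarms: List[Alarm], policy: Callable[[Alarm], bool]) -> Dict[str, float]:
    """Count TP/FP/FN/TN for a reporting policy and derive accuracy and detection rate."""
    tp = fp = fn = tn = 0
    for a in alarms:
        reported = policy(a)
        if reported and a.is_attack:
            tp += 1
        elif reported and not a.is_attack:
            fp += 1
        elif not reported and a.is_attack:
            fn += 1
        else:
            tn += 1
    total = tp + fp + fn + tn
    return {
        "tp": tp, "fp": fp, "fn": fn, "tn": tn,
        "accuracy": (tp + tn) / total if total else 0.0,
        "detection_rate": tp / (tp + fn) if (tp + fn) else 0.0,
    }


def run_demo():
    """Return (baseline, correlated) metrics over the constructed alarm stream."""
    return evaluate(ALARMS, raise_all), evaluate(ALARMS, correlate)


if __name__ == "__main__":
    baseline, correlated = run_demo()
    print("baseline  :", baseline)
    print("correlated:", correlated)
```

On this constructed stream the baseline reports all eight alarms (accuracy 0.375), while the correlated policy suppresses the four alarms whose target host does not expose, or is not vulnerable in, the targeted service (accuracy 0.875) with the detection rate unchanged at 1.0. The one remaining false positive fires on a host that genuinely is vulnerable, which is exactly the residue that vulnerability context alone cannot remove and that the paper's correlation engine is aimed at.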
- Is Part Of:
- Security and communication networks. Volume 9:Issue 18(2016)
- Journal:
- Security and communication networks
- Issue:
- Volume 9:Issue 18(2016)
- Issue Display:
- Volume 9, Issue 18 (2016)
- Year:
- 2016
- Volume:
- 9
- Issue:
- 18
- Issue Sort Value:
- 2016-0009-0018-0000
- Page Start:
- 4863
- Page End:
- 4881
- Publication Date:
- 2016-11-08
- Subjects:
- intrusion detection system (IDS) -- game theory -- Nash equilibrium (NE) -- true positive (TP) alarm -- false positive (FP) alarm -- false negative (FN) alarm
Computer networks -- Security measures -- Periodicals
Computer security -- Periodicals
Cryptography -- Periodicals
005.805
- Journal URLs:
- http://onlinelibrary.wiley.com/journal/10.1002/(ISSN)1939-0122
https://www.hindawi.com/journals/scn/
http://onlinelibrary.wiley.com/
- DOI:
- 10.1002/sec.1661
- Languages:
- English
- ISSNs:
- 1939-0114
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library HMNTS - ELD Digital store
- Ingest File:
- 2082.xml