Reducing False Negatives and Realizing the Active Response for Intelligent Intrusion Detection Decision Response System
Abstract: As soon as the Intrusion Detection System (IDS) detects any suspicious or malicious activity, it generates alarms. Unfortunately, the triggered alarms are usually accompanied by a huge number of false alarms (false positives and false negatives), which are key performance parameters of the IDS. In our previous paper, we proposed a novel intelligent intrusion detection, decision, response system (I2D2RS) based on fuzzy theory, which uses two essential pieces of information about failed logins, times and time, to identify the attacker automatically, as an experienced system/security administrator would. Though the system can reduce the false alarms perfectly, its capability for processing simultaneous multi-point attacks is relatively weak, and false negatives then occur. In this paper, we make two improvements. First, we employ a preprocessing module to collect the failed login information before data processing. The proposed approach changes the processing procedure from serial to parallel processing and thus eliminates the false negatives. The efficiency of these improvements was confirmed by experiments. Second, in the actual experimental environment, the system realized automatic active response functions.
Document Type: Research Article
Publication date: March 1, 2012
More about this publication?
- ADVANCED SCIENCE LETTERS is an international peer-reviewed journal with very wide-ranging coverage. It consolidates research activities in all areas of (1) Physical Sciences, (2) Biological Sciences, (3) Mathematical Sciences, (4) Engineering, (5) Computer and Information Sciences, and (6) Geosciences, and publishes original short communications, full research papers and timely brief (mini) reviews, with authors' photos and biographies, encompassing basic and applied research and current developments in educational aspects of these scientific areas.