A model for anomaly classification in intrusion detection systems
[摘要] Intrusion Detection Systems (IDS) are traditionally divided into two types according to the detection methods they employ, namely (i) misuse detection and (ii) anomaly detection. Anomaly detection has been widely used and its main advantage is the ability to detect new attacks. However, the analysis of anomalies generated can become expensive, since they often have no clear information about the malicious events they represent. In this context, this paper presents a model for automated classification of alerts generated by an anomaly based IDS. The main goal is either the classification of the detected anomalies in well-defined taxonomies of attacks or to identify whether it is a false positive misclassified by the IDS. Some common attacks to computer networks were considered and we achieved important results that can equip security analysts with best resources for their analyses.
[发布日期] [发布机构] Department of Computer Science and Statistics (DCCE), São Paulo State University (UNESP), São José do Rio Preto, Brazil^1
[效力级别] 数学 [学科分类]
[关键词] Analysis of anomaly;Anomaly based IDS;Anomaly detection;Automated classification;Detection methods;False positive;Intrusion Detection Systems;Misuse detection [时效性]