Towards reducing false alarms in network intrusion detection systems with data summarization technique
Article first published online: 17 MAY 2012
Copyright © 2012 John Wiley & Sons, Ltd.
Security and Communication Networks
Volume 6, Issue 3, pages 275–285, March 2013
How to Cite
Hubballi, N., Biswas, S. and Nandi, S. (2013), Towards reducing false alarms in network intrusion detection systems with data summarization technique. Security Comm. Networks, 6: 275–285. doi: 10.1002/sec.562
- Issue published online: 25 FEB 2013
- false alarm minimization;
- intrusion detection;
- data summarization;
- anomaly detection
Anomaly-based intrusion detection systems (IDSs) build a profile of the network's benign behavior, and any deviation from this profile is treated as an attack. Many of the algorithms proposed in the literature for anomaly IDSs fall into the cluster analysis category. As networks become faster, the amount of data that needs to be analyzed becomes huge. Many clustering techniques require more than one pass over the dataset; thus, when used as anomaly IDSs, these algorithms become computationally expensive and cannot keep up with such high-speed networks. To handle voluminous data, anomaly IDS schemes have been proposed that use data summarization techniques. However, the data summarization techniques found in the literature suffer from false alarms caused by improper clustering when used as anomaly IDSs. In this paper, an anomaly IDS is proposed that is capable of handling large datasets while minimizing false alarms. Copyright © 2012 John Wiley & Sons, Ltd.