| J. Broderick -- Editor. IBM Outsourced Solution, 1998. http://www.infoworld.com/cgi-bin/displayTC.pl?/980504sb3-ibm.htm. |
....analyze the events occurring in a computer system. IDSs trigger alarms when they detect signs of security violations. The response to such security incidents is site dependent, but typically includes lawsuits, firewall reconfigurations, and the fixing of discovered vulnerabilities. Practitioners [9, 33] as well as researchers [8, 11, 30] have observed that IDSs can easily trigger thousands of alarms ....
....to 99 of which are false positives (i.e. alarms that were triggered incorrectly by benign events). This flood of mostly false alarms has made it very difficult to identify the (hidden) true attacks. For example, the manual investigation of alarms has been found to be labor intensive and error prone [9, 12, 33]. Tools to automate alarm investigation are being developed [12, 14, 42] but there is currently no silver bullet solution to this problem. This paper shows that data mining can be used to support and partially automate the investigation of intrusion detection alarms. Specifically, we mine ....