A Threat-Aware Anomaly-Based Intrusion-Detection Approach for Obtaining Network-Specific Useful Alarms

Neelakantan, Subramanian; Rao, Shrisha

doi:10.1007/978-3-540-92295-7_21

Cited by 4 publications

(8 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Neelakantan et al . 10 extend the idea given by Reference 8. Reference numbers are used for selection of signatures for the IDS.…”

Section: Related Workmentioning

confidence: 58%

“…In the next subsection, we compare Detection Rate and Accuracy of the proposed scheme with Reference 10.…”

Section: Resultsmentioning

confidence: 99%

“…As discussed in Section 2, false alarms can be minimized based on reference number by a scheme discussed in Reference 8 which was implemented in Reference 10. The technique discussed in Reference 10 considers only those signatures for IDS which have a corresponding vulnerability with a reference numbers in the network. Table V illustrates sets of alarms generated by Snort with and without reference numbers.…”

Section: Resultsmentioning

confidence: 99%

“…Here, Accuracy and Detection Rate obtained using the proposed scheme are compared with the scheme presented in Reference 10. The comparison results are illustrated in Table VI.…”

Section: Resultsmentioning

confidence: 99%

See 3 more Smart Citations

Network specific false alarm reduction in intrusion detection system

Hubballi¹,

Biswas²,

Nandi³

2010

Security Comm Networks

View full text Add to dashboard Cite

Intrusion Detection Systems (IDSs) are used to find the security violations in computer networks. Usually IDSs produce a vast number of alarms that include a large percentage of false alarms. One of the main reason for such false alarm generation is that, in most cases IDSs are run with default set of signatures. In this paper, a scheme for network specific false alarm reduction in IDS is proposed. A threat profile of the network is created and IDS generated alarms are correlated using neural network. Experiments conducted in a test bed have successfully filtered out most of the false alarms for a range of attacks yet maintaining the Detection Rate.

show abstract

“…Neelakantan et al . 10 extend the idea given by Reference 8. Reference numbers are used for selection of signatures for the IDS.…”

Section: Related Workmentioning

confidence: 58%

“…In the next subsection, we compare Detection Rate and Accuracy of the proposed scheme with Reference 10.…”

Section: Resultsmentioning

confidence: 99%

Section: Resultsmentioning

confidence: 99%

“…Here, Accuracy and Detection Rate obtained using the proposed scheme are compared with the scheme presented in Reference 10. The comparison results are illustrated in Table VI.…”

Section: Resultsmentioning

confidence: 99%

See 2 more Smart Citations

Network specific false alarm reduction in intrusion detection system

Hubballi¹,

Biswas²,

Nandi³

2010

Security Comm Networks

View full text Add to dashboard Cite

show abstract

“…To enhance the threatawareness capability of the system for the anomaly intrusion detection, S. Neelakantan et al presented a model and architecture. The threat-awareness means the system for anomaly intrusion detection can periodically obtain the changing threats in a network and those specific useful alarms [8]. C. Duma et al proposed a P2Pbased overlay for intrusion detection to deal with the insider threat by using a trust-aware engine to detect the correlating alerts and an adaptive scheme to manage trust [9].…”

Section: Introductionmentioning

confidence: 99%

The System Design of a Node of P2P Networks for Intrusion Detection

Ding¹,

Yu²,

Yang³

et al. 2013

JNW

View full text Add to dashboard Cite

To improve the measuring accuracy of intrusion detection, a system design of a node for intrusion detection is proposed in this paper. First, the technology that applies the traditional intrusion detection method, such as anomaly detection and misuse detection, into P2P networks is presented. Next, to build the trust relationship among the nodes, and realize the cooperation mechanism of data detection, collection and response among the nodes of P2P networks, the corresponding solving plans, such as topological structure, trust model, information share and information fusion, are proposed in this paper. Then the concept of network telescope is presented to broaden the field of vision of malicious attacks and abnormal network packets in the propagation path. Finally, a system design of a node for intrusion detection using the honeypot technology is proposed in this paper

show abstract