PASCAL - Pattern Analysis, Statistical Modelling and Computational Learning

Automated Filtering of Network Intrusion Detection Alarms
Ahmad Faour, Philippe Leray and Bassam Eter
In: First Joint Conference on Security in Network Architectures (SAR) and Security of Information Systems (SSI), 6-9 June 2006, Seignosse, France.


It is a well-known problem that intrusion detection systems overload their human operators by triggering thousands of alarms per day. This paper presents a new approach for handling intrusion detection alarms more efficiently. We propose an architecture for automated alarm filtering based on a classical clustering method (Self-Organizing Maps) coupled with a probabilistic graphical model (Bayesian belief networks) for determining whether the network is really under attack.

EPrint Type: Conference or Workshop Item (Paper)
Project Keyword: UNSPECIFIED
Subjects: Learning/Statistics & Optimisation
ID Code: 2103
Deposited By: Philippe Leray
Deposited On: 07 May 2006