Automated Filtering of Network Intrusion Detection Alarms
Ahmad Faour, Philippe Leray and Bassam Eter
In: First Joint Conference on Security in Network Architectures (SAR) and Security of Information Systems (SSI), 6-9 June 2006, Seignosse, France.
It is a well-known problem that intrusion detection systems overload their human operators by triggering thousands of alarms per day. This paper presents a new approach for handling intrusion detection alarms more efficiently. We propose an architecture for automated alarm filtering based on a classical clustering method (Self-Organizing Maps) coupled with a probabilistic graphical model (Bayesian belief networks) to determine whether the network is really under attack.
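As an added illustration of the two-stage design the abstract describes (not the authors' code or data): a small 1-D Self-Organizing Map clusters alarm-window feature vectors, and a naive-Bayes-style belief network (one Attack node with each observed cluster as a child) accumulates evidence across windows to give the probability that the network is under attack; alarms are escalated only when that probability crosses a threshold. The feature vectors, labels, Laplace smoothing and the 0.1 prior are constructed assumptions.

```python
import math
# Constructed sample (not the paper's data): one feature vector per alarm window,
# [alarm rate, distinct destinations, distinct signatures] scaled to 0..1, labelled
# 1 = window came from a real attack, 0 = benign noise (assumed ground truth).
TRAINING = [
    ([0.05, 0.10, 0.05], 0), ([0.10, 0.05, 0.10], 0), ([0.08, 0.12, 0.06], 0),
    ([0.12, 0.08, 0.04], 0), ([0.90, 0.85, 0.70], 1), ([0.80, 0.95, 0.60], 1),
    ([0.85, 0.80, 0.75], 1), ([0.50, 0.20, 0.90], 1), ([0.45, 0.25, 0.85], 1),
]

def best_matching_unit(codebook, x):
    """Index of the SOM unit whose weight vector is closest (squared Euclidean) to x."""
    return min(range(len(codebook)),
               key=lambda i: sum((a - b) ** 2 for a, b in zip(codebook[i], x)))

def train_som(vectors, units=3, epochs=100):
    """1-D Self-Organizing Map; units start evenly on the diagonal so the run is deterministic."""
    dim = len(vectors[0])
    codebook = [[i / (units - 1)] * dim for i in range(units)]
    for epoch in range(epochs):
        lr = 0.5 * (1 - epoch / epochs)                      # learning rate decays to 0
        radius = max(1.0 - epoch / epochs, 0.01)             # neighbourhood shrinks
        for x in vectors:
            bmu = best_matching_unit(codebook, x)
            for i, w in enumerate(codebook):
                h = math.exp(-((i - bmu) ** 2) / (2 * radius ** 2))  # Gaussian neighbourhood
                for d in range(dim):
                    w[d] += lr * h * (x[d] - w[d])
    return codebook

def learn_cpt(codebook, labelled, alpha=1.0):
    """CPT P(cluster | attack) and P(cluster | no attack), Laplace-smoothed by alpha."""
    counts = {0: [alpha] * len(codebook), 1: [alpha] * len(codebook)}
    for x, label in labelled:
        counts[label][best_matching_unit(codebook, x)] += 1
    return {label: [c / sum(cs) for c in cs] for label, cs in counts.items()}

def attack_posterior(codebook, cpt, windows, prior=0.1):
    """P(attack | observed clusters): one Attack node, one child per window, updated in log-odds."""
    log_odds = math.log(prior / (1 - prior))
    for x in windows:
        c = best_matching_unit(codebook, x)
        log_odds += math.log(cpt[1][c] / cpt[0][c])
    return 1 / (1 + math.exp(-log_odds))

def should_escalate(windows, threshold=0.5):
    """Alarm filter: hand the batch of windows to an analyst only if P(attack) >= threshold."""
    codebook = train_som([x for x, _ in TRAINING])
    cpt = learn_cpt(codebook, TRAINING)
    return attack_posterior(codebook, cpt, windows) >= threshold
```

A single attack-like window does not clear the threshold under this prior; the posterior rises only as several windows fall into attack-dominated clusters, which is what lets the filter suppress isolated noise.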