An incremental intrusion detection model using alarms correlation

Document Type : Research Paper


Department of Management and Economics, Science and Research Branch, Islamic Azad University, Tehran, Iran



Today, intrusion detection systems are extremely important in securing computers and computer 
networks. Correlated systems are next to intrusion detection systems by analyzing and combining the 
alarms received from them, appropriate reports for review and producing security measures. One of 
the problems face intrusion detection systems is generating a large volume of false alarms, so one of 
the most important issues in correlated systems is to check the alerts received by the intrusion detection 
system to distinguish true-positive alarms from false-positive alarms. The main focus of this research 
is on the applied optimization of classification methods to reduce the cost of organizations and security 
expert time in alert checking. The proposed intrusion detetection model using correlation(IIDMC) is 
tested on a valid test dataset and the results show the efficiency of the proposed model and 
consequently its high accuracy.