An incremental intrusion detection model using alarms correlation

Document Type : Research Paper

Authors

1 Department of Management and Economics, Science and Research Branch, Islamic Azad University, Tehran, Iran

2 School of Mathematics, Iran University of Science and Technology, Tehran, Iran

3 School of Computer Engineering, Iran University of Science and Technology, Tehran, Iran

4 Department of Management and Accounting, Karaj Branch, Islamic Azad University, Karaj, Iran

Abstract

Today, intrusion detection systems are extremely important in securing computers and computer networks. Correlated systems are next to intrusion detection systems by analyzing and combining the alarms received from them, appropriate reports for review and producing security measures. One of the problems face by intrusion detection systems is generating a large volume of false alarms, so one of the most important issues in correlated systems is to check the alerts received by the intrusion detection system to distinguish true-positive alarms from false-positive alarms. The main focus of this research is on the applied optimization of classification methods to reduce the cost of organizations and security expert time in alert checking. The proposed intrusion detection model using correlation(IIDMC) is tested on a valid test dataset and the results show the efficiency of the proposed model and consequently its high accuracy.

Keywords