A technique to reduce false positives of network IDS with machine learning (Japanese)

In: Transactions of the Information Processing Society of Japan, Vol. 45, No. 8, pp. 2105-2112, 2004
  • Article (Journal)  /  Print

Network-based intrusion detection systems (network IDS), which continuously observe the packets flowing through a network, have attracted growing attention as security incidents increase. However, a network IDS frequently misjudges what it sees. In particular, it generates many false positives: bogus alerts raised when normal events are mistaken for attacks. A flood of false positives is a burden for administrators, who must separate the real attacks from the false positives in the IDS log. In this paper we propose a technique that detects false positives in an IDS log by learning the patterns of previously identified false positives with machine learning. We implemented and evaluated the proposed system and showed that the approach is effective.
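The abstract describes the general idea, learning the patterns of alerts an administrator has already marked as false positives and using the learned model to flag new alerts of the same kind, without stating which features or learning algorithm the paper uses. The following is an added illustration of that idea, not the paper's own code or method: it parses a constructed, simplified Snort-style alert line into three categorical features (signature id, source /24, destination port) and trains a categorical naive Bayes classifier written from scratch on a hand-labelled sample. The alert format, the feature choice, the classifier and the sample data are all assumptions made here for illustration.

```python
"""Learning false-positive patterns from a labelled IDS log (added illustration).

Not the paper's code: the alert format, features, classifier and data below are
assumptions chosen to illustrate the approach the abstract describes.
"""
import math
import re
from collections import Counter, defaultdict

# Simplified alert line, modelled loosely on Snort's "fast" output (assumption):
#   [gid:sid] message {PROTO} src[:sport] -> dst[:dport]
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+)\] (?P<msg>.*?) \{(?P<proto>\w+)\} "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))? -> (?P<dst>[\d.]+)(?::(?P<dport>\d+))?"
)

# Constructed training sample: alerts an administrator has already reviewed.
# FP = bogus alert on normal traffic, TP = real attack. All addresses are
# documentation/private ranges; none of this is real log data.
LABELLED_ALERTS = [
    ("[1:2000] ICMP PING NMAP {ICMP} 10.0.0.5 -> 10.0.0.1", "FP"),   # monitoring host
    ("[1:2000] ICMP PING NMAP {ICMP} 10.0.0.5 -> 10.0.0.2", "FP"),
    ("[1:2000] ICMP PING NMAP {ICMP} 10.0.0.5 -> 10.0.0.3", "FP"),
    ("[1:1200] WEB-MISC bad HTTP/1.1 request {TCP} 10.0.1.20:51234 -> 10.0.2.10:80", "FP"),  # buggy internal client
    ("[1:1200] WEB-MISC bad HTTP/1.1 request {TCP} 10.0.1.21:51235 -> 10.0.2.10:80", "FP"),
    ("[1:1200] WEB-MISC bad HTTP/1.1 request {TCP} 203.0.113.7:40001 -> 10.0.2.10:80", "TP"),
    ("[1:1200] WEB-MISC bad HTTP/1.1 request {TCP} 203.0.113.8:40002 -> 10.0.2.10:80", "TP"),
    ("[1:1300] SHELLCODE x86 NOOP {TCP} 198.51.100.4:33001 -> 10.0.2.11:445", "TP"),
    ("[1:1300] SHELLCODE x86 NOOP {TCP} 198.51.100.5:33002 -> 10.0.2.11:445", "TP"),
]

# Constructed "fresh" alerts to be filtered with the trained model.
NEW_ALERTS = [
    "[1:2000] ICMP PING NMAP {ICMP} 10.0.0.5 -> 10.0.0.9",
    "[1:1200] WEB-MISC bad HTTP/1.1 request {TCP} 203.0.113.9:40100 -> 10.0.2.10:80",
    "[1:1200] WEB-MISC bad HTTP/1.1 request {TCP} 10.0.1.22:51300 -> 10.0.2.10:80",
    "[1:1300] SHELLCODE x86 NOOP {TCP} 10.0.0.5:33100 -> 10.0.2.11:445",  # known-benign host, dangerous signature
]


def featurize(line):
    """Map one alert line to categorical features (feature choice is an assumption)."""
    m = ALERT_RE.search(line)
    if not m:
        raise ValueError(f"unparseable alert: {line!r}")
    src_net = ".".join(m["src"].split(".")[:3])  # /24 of the source address
    return {"sid": m["sid"], "src_net": src_net, "dport": m["dport"] or "-"}


class FalsePositiveModel:
    """Categorical naive Bayes with Laplace smoothing over FP/TP labelled alerts."""

    def __init__(self):
        self.class_counts = Counter()                 # label -> number of alerts
        self.feature_counts = defaultdict(Counter)    # (feature, label) -> Counter of values
        self.values = defaultdict(set)                # feature -> set of values seen

    def fit(self, labelled):
        for line, label in labelled:
            self.class_counts[label] += 1
            for f, v in featurize(line).items():
                self.feature_counts[(f, label)][v] += 1
                self.values[f].add(v)
        return self

    def log_odds_fp(self, line):
        """log P(FP | alert) - log P(TP | alert); positive means 'matches a learned FP pattern'."""
        feats = featurize(line)
        total = sum(self.class_counts.values())
        score = {}
        for label in ("FP", "TP"):
            n = self.class_counts[label]
            lp = math.log(n / total)                  # class prior
            for f, v in feats.items():
                cnt = self.feature_counts[(f, label)][v]
                lp += math.log((cnt + 1) / (n + len(self.values[f])))  # smoothed likelihood
            score[label] = lp
        return score["FP"] - score["TP"]

    def is_false_positive(self, line, threshold=0.0):
        return self.log_odds_fp(line) > threshold


def filter_alerts(model, lines):
    """Keep only the alerts the model does not recognise as a learned false-positive pattern."""
    return [line for line in lines if not model.is_false_positive(line)]


if __name__ == "__main__":
    model = FalsePositiveModel().fit(LABELLED_ALERTS)
    for line in NEW_ALERTS:
        print(f"{model.log_odds_fp(line):+6.2f}  {line}")
    print("passed through:", len(filter_alerts(model, NEW_ALERTS)), "of", len(NEW_ALERTS))
```

The two-sided design matters in practice: the smoothed likelihoods let a signature that has only ever been a real attack (here `1:1300`) keep its alert even when it fires from a source that is otherwise a known false-positive generator, so learned suppression does not silently become a blind spot for a compromised internal host. The `threshold` argument is where an operator trades missed attacks against remaining noise; a value above zero demands stronger evidence before an alert is dropped.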

