Now Offering a 20% Discount When a Minimum of Five Titles in Related Subject Areas are Purchased TogetherAlso, receive free worldwide shipping on orders over US$ 395.(This offer will be automatically applied upon checkout and is applicable to print & digital publications)Browse Titles

Special Offers
- 10% Discount on All E-Books through IGI Global’s Online Bookstore
  With the continued paper shortages and supply chain issues, we have been informed by our partners that there will be substantial delays in printing and shipping publications, especially as we approach the holiday season. To help incentive the electronic format and streamline access to the latest research, we are offering a 10% discount on all our e-books through IGI Global’s Online Bookstore. Hosted on the InfoSci^® platform, these titles feature no DRM, no additional cost for multi-user licensing, no embargo of content, full-text PDF & HTML format, and more.
  Browse Titles
- IGI Global to Convert an Additional 30 Journals to Full Gold Open Access for the 2022 Volume Year
  IGI Global is to convert an additional 30 journals to full gold open access (OA) for their 2022 volume year, which will expand their OA collection to contain 60 gold open access and one (1) platinum open access journal.
  Learn More
- All IGI Global Scholarly Journals Shift to "Digital Preferred" Format
  In response to the overwhelming demand for electronic content coupled with the mission to decrease the overall environmental impacts of print production and distribution, all IGI Global journals will shift into a digital preferred model for the 2022 volume year. Under this model, journals will become primarily available under electronic format and articles will be immediately available upon acceptance. Print subscriptions and print + electronic subscriptions will still be available, but for the print version, all articles that are published during the volume year will become available at the end of the year in a single (1) printed volume.
  Learn More
- IGI Global’s New DEI e-Book Collection
  Acquire Over 320+ E-Books on Diversity, Equity, and Inclusivity from a publisher that has been dedicated to DEI since its inception over 30 years ago. Now, benefit from a collection of all of our DEI e-Books at a 90% Discount.
  Learn More
- Receive a 20% Discount When a Minimum of Five Titles are Purchased Together
  This 20% discount is automatically applied upon checkout and is only applicable when five or more reference books and scholarly journals are ordered. Discount valid on purchases made directly through IGI Global’s Online Bookstore (www.igi-global.com) and cannot be combined with any other discount. It may not be used by distributors or book sellers and the offer does not apply to databases. Exclusions of select titles may apply.
  Browse Titles
- Receive Free Shipping on Orders Over US$ 395.00
  Free shipping will be automatically applied to shopping cart orders over US$ 395.00 or more before tax, which can include a combination of print and non-shippable products (i.e. e-books, e-journals, and articles/chapters). It is only available when you order directly through IGI Global’s Online Bookstore and is only valid on standard U.S. and international shipping. There will be additional charges for express shipping and limitations may apply.
  Browse Titles
- Offering a 5% Pre-Publication Discount on
  All Reference Books Ordered Through IGI Global’s Online Bookstore*
  To support customers with accessing the latest research, IGI Global is offering a 5% pre-publication discount on all hardcover, softcover, e-books, and hardcover + e-books titles.
  *5% discount offer is eligible on hardcover, softcover, e-books, and hardcover + e-books titles and is automatically applied directly to the shopping cart. Discount offer only valid on purchases made directly through IGI Global’s Online Bookstore and offer expires 30 days after the publication’s release. This automatic discount is not intended for use by book distributors or wholesalers.
  Browse Titles
- Create a Free IGI Global Library Account to Receive an Additional 10% Discount on All Purchases
  Exclusive benefits include one-click shopping, flexible payment options, free COUNTER 5 reports and MARC records, and a 10% discount on single all titles, as well as the award-winning e-Book and e-Journal Collections.
  Sign Up Now!
Books
Journals
- - Journals
  - Open Access Journals
e-Collections
- - e-Collections
  - Open Access Read & Publish
Articles/Chapters
Publish with Us
Resources
- - Instructors
  - Course Adoption
  - Teaching Cases
  - K-12 Online Learning Collection
  - Authors and Editors
  - eEditorial Discovery^® System
  - Peer Review Process
  - Ethics and Malpractice
  - COPE Membership
  - Fair Use Policy
  - Open Access Publishing
  - Editorial Services
  - FAQ
Catalogs
About Us
Newsroom

Intrusion Detection Systems Alerts Reduction: New Approach for Forensics Readiness

Aymen Akremi (Umm Al-Qura University, Saudi Arabia), Hassen Sallay (Umm Al-Qura University, Saudi Arabia) and Mohsen Rouached (Sultan Qaboos University, Oman)

Source Title: Security and Privacy Management, Techniques, and Protocols

DOI: 10.4018/978-1-5225-5583-4.ch010

OnDemand PDF Download:

Available

$37.50

Current Special Offers

No Current Special Offers

Abstract

Investigators search usually for any kind of events related directly to an investigation case to both limit the search space and propose new hypotheses about the suspect. Intrusion detection system (IDS) provide relevant information to the forensics experts since it detects the attacks and gathers automatically several pertinent features of the network in the attack moment. Thus, IDS should be very effective in term of detection accuracy of new unknown attacks signatures, and without generating huge number of false alerts in high speed networks. This tradeoff between keeping high detection accuracy without generating false alerts is today a big challenge. As an effort to deal with false alerts generation, the authors propose new intrusion alert classifier, named Alert Miner (AM), to classify efficiently in near real-time the intrusion alerts in HSN. AM uses an outlier detection technique based on an adaptive deduced association rules set to classify the alerts automatically and without human assistance.

Chapter Preview

Top

Introduction

With the growth of digital world, malicious viruses or generally digital attacks are in continuous spreading using different methods and techniques making their detection very hard especially for unknown attacks which are malicious threat that their signature and updating security provisions databases or exploited vulnerability are not determined yet . Therefore, the compromised systems are seriously damaged. Vulnerabilities may occur due to several factors such as human breaking of security policies which in turn may be exploited by malicious threats. The anomaly based intrusion detection systems are known by their high accuracy of unknown attacks detection since each new network behavior is considered as an attack. This feature makes anomaly-based intrusion detection systems largely used by organization and governments to protect from digital attacks and specially unknown attacks.

However, the use of data gathered from IDS for forensics purposes has initiated several discussions (Sommer, 1998; Stephenson, 2000; Yuil, 1999). The challenge is how much the IDS can meet and respect legal requirements in terms of integrity and original data preservation when collecting evidence during ongoing attacks. Although IDSs are not designed to collect and protect the integrity of the type of information required to conduct law enforcement investigation (Sommer, 1998), Yuil et al (Yuil, 1999) claimed that the IDSs are able to collect enough information during an ongoing attack to profile the attacker. The IDS may help detecting attacks in an early stage and therefore giving the opportunity to improve the readiness of the forensics system. Also, it links attack to events and gives a profound understanding of the attack type and targeted component which facilitates the suggestion of hypothesis about the suspect and help locate in advance the files and logs to be analyzed. The proposed digital forensics framework for SOA should include a smart log manager system allowing the collection, integration, reduction, and manipulation of the gathered logs from different components and security tools as IDS. However, IDS are known by their tremendous amount of the security alerts due to the high speed alert generation throughput and sensitivity to new network behavior which make the forensics management of intrusion detection alerts both compute and memory intensive. Obviously, the high level rate of wrong alerts reduces the performance and efficiency of IDS which minimizes its capability to prevent attacks and make the alert analysis tasks very difficult and time consuming.

In this chapter, we focus on the design and the implementation of an efficient IDS alert classifier that helps investigators to analyze the gathered data in real or near real time and improve the live forensics readiness to be used by the log management system under the log reduction and manipulation. More specifically, we propose Alert Miner; a classifier using a new alert classification algorithm based on a frequent pattern outlier detection data mining approach. The rest of this chapter is organized as follows: section 2 presents related work to IDS alert classification, section 3 shows the IDS alert processing model and the main data mining techniques used in the network specification extraction and classification improvement and section 4 presents the algorithm description. Section 5 shows the results of our implementation and our performance study. Finally, in section 6, we conclude the chapter by discussing the proposed approach, and proposing some future works.

Complete Chapter List

Search this Book:

Reset

MLA

APA

Chicago

Export Reference

Intrusion Detection Systems Alerts Reduction: New Approach for Forensics Readiness

Abstract

Introduction

Complete Chapter List