Intrusion Detection Systems Alerts Reduction: New Approach for Forensics Readiness

Aymen Akremi, Hassen Sallay, Mohsen Rouached
Copyright: © 2018 | Pages: 21
ISBN13: 9781522555834 | ISBN10: 1522555838 | EISBN13: 9781522555841
DOI: 10.4018/978-1-5225-5583-4.ch010

MLA

Akremi, Aymen, et al. "Intrusion Detection Systems Alerts Reduction: New Approach for Forensics Readiness." Security and Privacy Management, Techniques, and Protocols, edited by Yassine Maleh, IGI Global, 2018, pp. 255-275. https://doi.org/10.4018/978-1-5225-5583-4.ch010

APA

Akremi, A., Sallay, H., & Rouached, M. (2018). Intrusion Detection Systems Alerts Reduction: New Approach for Forensics Readiness. In Y. Maleh (Ed.), Security and Privacy Management, Techniques, and Protocols (pp. 255-275). IGI Global. https://doi.org/10.4018/978-1-5225-5583-4.ch010

Chicago

Akremi, Aymen, Hassen Sallay, and Mohsen Rouached. "Intrusion Detection Systems Alerts Reduction: New Approach for Forensics Readiness." In Security and Privacy Management, Techniques, and Protocols, edited by Yassine Maleh, 255-275. Hershey, PA: IGI Global, 2018. https://doi.org/10.4018/978-1-5225-5583-4.ch010

Abstract

Investigators usually search for any kind of event directly related to an investigation case, both to limit the search space and to propose new hypotheses about the suspect. An intrusion detection system (IDS) provides relevant information to forensics experts, since it detects attacks and automatically gathers several pertinent features of the network at the moment of the attack. Thus, an IDS should be very effective in terms of detection accuracy for new, unknown attack signatures, without generating a huge number of false alerts in high-speed networks (HSN). This tradeoff between keeping high detection accuracy and not generating false alerts is today a big challenge. As an effort to deal with false alert generation, the authors propose a new intrusion alert classifier, named Alert Miner (AM), to efficiently classify intrusion alerts in near real-time in HSN. AM uses an outlier detection technique based on an adaptively deduced association rule set to classify the alerts automatically and without human assistance.
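The abstract only names the ingredients of the approach (association rules deduced from alert data, outlier detection over them, no human labelling), so the following is an added illustration of that general idea, not the Alert Miner (AM) implementation from the chapter. It mines pairwise association rules from a baseline window of alerts with standard support and confidence thresholds, then scores a new alert by the fraction of applicable rules it violates: alerts that fit the strong rules are the repetitive noise an analyst can deprioritise, while alerts that break the rules or match no rule at all are the outliers a forensic investigator wants to look at first. All alert records, field names, IP addresses and thresholds are constructed for the example.

```python
"""Association-rule outlier scoring for IDS alerts (added illustration).

Added example, not the chapter's Alert Miner code. Rules are mined
Apriori-style (single items and pairs only) from a baseline window of
alerts; a new alert is then scored by how many of the rules whose
antecedent it matches are violated. All data below is constructed.
"""
from collections import Counter
from itertools import combinations

# Constructed baseline window of 10 Snort-like alerts (hypothetical values):
# 8 copies of one noisy web signature from two internal hosts, plus two
# rarer DNS alerts from a third host.
WEB = {"sig": "WEB-MISC robots.txt access", "proto": "tcp", "dport": 80}
BASELINE = (
    [dict(WEB, src="10.0.0.5")] * 6
    + [dict(WEB, src="10.0.0.6")] * 2
    + [{"sig": "DNS named version attempt", "proto": "udp",
        "dport": 53, "src": "10.0.0.7"}] * 2
)

# Constructed alerts to classify against the mined rules.
NEW_ALERTS = [
    dict(WEB, src="10.0.0.5"),                       # exactly the usual noise
    dict(WEB, src="10.0.0.9"),                       # same pattern, new host
    {"sig": "SHELLCODE x86 NOOP", "proto": "tcp",     # breaks every tcp rule
     "dport": 4444, "src": "203.0.113.9"},
    {"sig": "DNS named version attempt", "proto": "udp",  # too rare for any rule
     "dport": 53, "src": "10.0.0.7"},
]


def itemize(alert):
    """Turn an alert into a set of 'field=value' items (a market basket)."""
    return frozenset(f"{k}={v}" for k, v in alert.items())


def mine_rules(alerts, min_support, min_confidence):
    """Return {(antecedent, consequent): (support, confidence)} for all
    single-item -> single-item rules meeting both thresholds."""
    n = len(alerts)
    baskets = [itemize(a) for a in alerts]
    item_count = Counter(i for b in baskets for i in b)
    frequent = {i for i, c in item_count.items() if c / n >= min_support}
    pair_count = Counter()
    for b in baskets:
        # sorted() fixes pair orientation so identical pairs are counted together
        for pair in combinations(sorted(i for i in b if i in frequent), 2):
            pair_count[pair] += 1
    rules = {}
    for (a, c), cnt in pair_count.items():
        if cnt / n < min_support:
            continue
        for ante, cons in ((a, c), (c, a)):          # both directions
            conf = cnt / item_count[ante]
            if conf >= min_confidence:
                rules[(ante, cons)] = (cnt / n, conf)
    return rules


def violated_rules(alert, rules):
    """Rules whose antecedent the alert matches, and those it then breaks."""
    items = itemize(alert)
    applicable = [r for r in rules if r[0] in items]
    violated = [r for r in applicable if r[1] not in items]
    return applicable, violated


def outlier_score(alert, rules):
    """0.0 = fully explained by the baseline rules, 1.0 = unexplained.
    An alert matching no rule at all is treated as a full outlier."""
    applicable, violated = violated_rules(alert, rules)
    if not applicable:
        return 1.0
    return len(violated) / len(applicable)


def classify(alerts, rules, threshold=0.5):
    """Label each alert 'outlier' or 'routine' by its outlier score."""
    return ["outlier" if outlier_score(a, rules) >= threshold else "routine"
            for a in alerts]


if __name__ == "__main__":
    rules = mine_rules(BASELINE, min_support=0.3, min_confidence=0.8)
    for (ante, cons), (sup, conf) in sorted(rules.items()):
        print(f"{ante} -> {cons}  support={sup:.2f} confidence={conf:.2f}")
    for alert, label in zip(NEW_ALERTS, classify(NEW_ALERTS, rules)):
        print(f"{label:8s} score={outlier_score(alert, rules):.2f} {alert}")
```

Two points worth noting for anyone turning this into something operational. First, the second alert (the usual web signature from a host never seen before) is scored as routine because the rules are about field co-occurrence, not about whitelisted sources; whether that is the desired behaviour depends on what the investigator is looking for. Second, the rare DNS alert is an outlier only because its support falls below the threshold in this window; the "adaptive" element the abstract mentions corresponds here to re-running `mine_rules` over a sliding window so that a pattern that becomes frequent stops being flagged, and one that disappears starts being flagged again.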
