期刊名称:International Journal of Advanced Research In Computer Science and Software Engineering
印刷版ISSN:2277-6451
电子版ISSN:2277-128X
出版年度:2012
卷号:2
期号:8
出版社:S.S. Mishra
摘要:As the network based computer system plays an important role in modern society they have become target of our enemies and criminals. Therefore we need to find the best possible ways to protect our IT System. Different methods and algorithms are developed and proposed in recent years to improve intrusion detection systems. The most important issue in current systems is False Positive alarm rate. This is because current systems are poor at detecting novel anomaly attacks. These kinds of attacks refer to any action that significantly deviates from the normal behaviour which is considered intrusion. Many NIDSs are signature based which consider only one device log, and conclude whether intrusion happened or not and internet attacks are increasing exponentially and there have been various attacks methods, consequently. False Positive alarm affects the effectiveness of NIDS and increase load on network administrator which can frustrate admin. To minimise this False Positives, we can use Data mining using Event Correlation Technique (ECT) for Network Intrusion Detection such that by correlating events at different component of network security NIDS can identify whether actually intrusion occurred or not. In this paper we aim to discuss our proposed system in that we are using Event correlation analysis to reduce False Positive alarm rate. This paper also clarifies important issues concerning Network Intrusion Detection System, Data mining and Event Correlation and proposed system that increase the effectiveness of NIDS by using event log analysis and correlation.
关键词:Network Intrusion Detection System (NIDS); Data mining; Event Correlation; False Positive Alarm
