Please use this identifier to cite or link to this item:
https://ptsldigital.ukm.my/jspui/handle/123456789/513241
Title: Improving anomaly-based NIDS alarms based on an alarm classification approach
Authors: Qais Saif Qassim (P51684)
Supervisor: Ahmed Patel, Prof. Dr.
Keywords: Detection systems; Alarm classification; False alarms; Information resources; Dissertations, Academic -- Malaysia
Issue Date: 21-Jun-2016
Description: There has been a great deal of research in the field of anomaly-based intrusion detection systems, and numerous detection techniques have been proposed. However, the majority of these techniques face a number of challenges. One of the most significant is the high rate of false positive alarms they generate. A detection system may incorrectly identify legitimate, non-intrusive activity as malicious, which ultimately obstructs legitimate traffic. With a large number of false positives, the real threats that are detected can go unnoticed because the flood of alarms is too high. This compromises the whole intrusion detection system, reducing its security value to almost nothing; in the worst case, a high false positive rate leads to self-inflicted denial of service. False alarms are therefore a grave concern, as they can severely impact information resources. The primary objective of this research is to propose a new false alarm validation method for anomaly-based network intrusion detection systems that filters out false positive alarms. To achieve this objective, the research is carried out in a number of phases. In the first phase, network traffic features are analysed to determine the features that best represent the state of the environment under examination. The next phase is the development of the new alarm classification method, followed by the design and implementation of a prototype based on the proposed method. Finally, the prototype is evaluated to determine its accuracy and performance. The result of this research is a new alarm validation system that classifies alarms without using predefined knowledge of attack signatures. The proposed system was benchmarked against Packet Header Anomaly Detection (PHAD) using the DARPA/MIT Lincoln Laboratory off-line intrusion detection evaluation dataset.
Experimental results showed that the approach reduces the number of false alarms by up to 80% on average. The results show that the selected features and the proposed classification algorithm have strong potential to detect alarm anomalies and significantly reduce the false positive alarm rate. To the best of our knowledge, this is the first time false alarm patterns have been used in any sense to classify anomaly-based IDS alarms.
Certification of Master's/Doctoral Thesis: not available
Pages: 309
Publisher: UKM, Bangi
Appears in Collections: Faculty of Information Science and Technology / Fakulti Teknologi dan Sains Maklumat
Files in This Item:

File | Description | Size | Format
---|---|---|---
ukmvital_83269+SOURCE1+SOURCE1.0.PDF | Restricted Access | 193.54 kB | Adobe PDF