Reducing IDS False Positives Using Incremental Stream Clustering Algorithm

Dey, Champa (2009) Reducing IDS False Positives Using Incremental Stream Clustering Algorithm. Masters thesis, Royal Institute of Technology.

Full text not available from this repository.


Along with cryptographic protocols and digital signatures, Intrusion Detection Systems (IDS) are considered the last line of defense for securing a network. The main problem with today's most popular commercial IDSs is that they generate a huge number of false positive alerts alongside the true positive alerts, and investigating all of them in order to initiate proper responses is a cumbersome task for the operator. There is therefore a strong demand to explore this area of research and find a feasible solution. In this thesis, we have chosen this problem as our main area of research. We have tested the effectiveness of the Incremental Stream Clustering Algorithm in reducing the number of false alerts in IDS output. The algorithm was tested on the output of one of the most popular open-source network-based IDSs, Snort, configured in playback mode to analyze the DARPA 1999 network traffic dataset. Our approach was evaluated and compared with the K-Nearest Neighbor Algorithm. The results show that the Incremental Stream Clustering Algorithm reduces the number of false alarms by more than 99%, compared with 93% for the K-Nearest Neighbor Algorithm.

Item Type: Thesis (Masters)
Uncontrolled Keywords: Intrusion detection system, False positive alert, Incremental Stream Clustering algorithm, DARPA 1999 network traffic dataset
ID Code: 3591
Deposited By: L-H Orc Lönn
Deposited On: 20 Apr 2009
Last Modified: 18 Nov 2009 16:24
