A Bayesian Classification on Asset Vulnerability for Real Time Reduction of False Positives in IDs
IT assets connected on internet will encounter alien protocols and few parameters of protocol process are exposed as vulnerabilities. Intrusion Detection Systems (IDS) are installed to alert on suspicious traffic or activity. IDS issues false positives alerts, if any behavior construe for partial attack pattern or the IDS lacks environment knowledge. Continuous monitoring of alerts to evolve whether, an alert is false positive or not is a major concern. In this paper, the authors present design of an external module to IDS, to identify false positive alerts-based on anomaly based adaptive learning model.
Provided by: Academy & Industry Research Collaboration Center Topic: Security Date Added: Mar 2012 Format: PDF