A Novel Signature-Based Traffic Classification Engine to Reduce False Alarms in Intrusion Detection Systems
Pattern matching plays a significant role in ascertaining network attacks, and the foremost prerequisite for a trusted Intrusion Detection System (IDS) is accurate pattern matching. During the pattern matching process, packets are scanned against pre-defined rule sets. After being scanned, the packets are marked as alert or benign by the detection system. Sometimes the detection system generates false alarms, i.e., good traffic is identified as bad traffic. The ratio of false positives generated varies with the performance of the detection engines used to scan incoming packets.