Extracting Ambiguous Sessions from Real Traffic with Intrusion Prevention Systems
False Positives (FPs) and False Negatives (FNs) are common in every Intrusion Prevention System (IPS). No single system judges better than the others all the time. This paper proposes a system of Ambiguous Session Extraction (ASE) to create a pool of ambiguous traffic traces. Traffic traces or sessions are called “ambiguous” when they cause potential FNs (abbreviated as P-FNs) and potential FPs (abbreviated as P-FPs) in IPSes. IPS developers can use these ambiguous traffic traces to improve the accuracy of their products.