Extracting Ambiguous Sessions from Real Traffic with Intrusion Prevention Systems

False Positives (FPs) and False Negatives (FNs) are common in every Intrusion Prevention System (IPS). No single system judges better than the others all the time. This paper proposes an Ambiguous Session Extraction (ASE) system to create a pool of ambiguous traffic traces. Traffic traces or sessions are called “ambiguous” when they cause potential FNs (abbreviated as P-FNs) and potential FPs (abbreviated as P-FPs) in IPSes. IPS developers can use these ambiguous traffic traces to improve the accuracy of their products.

Resource Details

Provided by: International Journal of Network Security
Topic: Security
Format: PDF