Reducing false positives in anomaly detectors through fuzzy alert aggregation |
| |
| Authors: | Federico Maggi Matteo Matteucci Stefano Zanero |
| |
| Affiliation: | aDipartimento di Elettronica e Informazione, Politecnico di Milano Technical University, via Ponzio 34/5, 20133 Milano, Italy |
| |
| Abstract: | In this paper we focus on the aggregation of IDS alerts, an important component of the alert fusion process. We exploit fuzzy measures and fuzzy sets to design simple and robust alert aggregation algorithms. Exploiting fuzzy sets, we are able to robustly state whether or not two alerts are “close in time”, dealing with noisy and delayed detections. A performance metric for the evaluation of fusion systems is also proposed. Finally, we evaluate the fusion method with alert streams from anomaly-based IDS. |
| |
| Keywords: | Intrusion detection Anomaly detection Fuzzy measures Fuzzy sets Aggregation Multisensor fusion |
| 本文献已被 ScienceDirect 等数据库收录! |
