
A new Data Mining-based Approach to Improving the Quality of Alerts in Intrusion Detection Systems


Hadi Barani Baravati, Javad Hosseinkhani, Solmaz Keikhaee, Meisam Ostad Hossein Khayat, and Malek Havasi


Vol. 17, No. 8, pp. 194-198


Data mining is about finding insights that are statistically reliable, previously unknown, and actionable from data. This data must be available, relevant, adequate, and clean. Also, the data mining problem must be well-defined, must not be solvable by query and reporting tools, and must be guided by a data mining process model. Thus it is essential to use different security tools in order to protect computer systems and networks. Among these tools, Intrusion Detection Systems (IDSs) are one of the components of defense-in-depth. One major drawback of IDSs is the generation of a huge number of alerts, most of which are false, redundant, or unimportant. Among different remedy approaches, many researchers have proposed the use of data mining. Most of the research done in this area could not address the problems completely, and most of it suffers from human dependency and offline functionality. In this research, an online approach is proposed in order to manage alerts issued by IDSs. The proposed approach is able to process alerts produced by heterogeneous IDS systems. The approach is evaluated using the DARPA 1999 dataset and the Shahid Rajaee Port Complex dataset. Evaluation results show that the proposed approach can reduce the number of alerts by 94.32%, effectively improving the alert management process. Because the proposed methodology uses an ensemble methodology and suitable algorithms, it can inform network security specialists about the state of the monitored network in an online manner.


Web Data Mining, Quality of Alerts, Data Mining, Intrusion Detection.