Reducing false positives using an expert system on IDS
Abstract
When an attacker tries to penetrate a network, several defensive systems stand in the way, among them Intrusion Detection Systems (IDSs). Intrusion detection is the process of monitoring a system for unauthorized access incidents, which may be violations of the security policy, the system use policy, or any other security standard. An Intrusion Detection System (IDS) is software that implements the intrusion detection process. However, IDSs have a weakness: the huge number of false alerts they generate leaves the analyst without a clear picture of what is happening.
This weakness in IDSs motivated us to propose improvements that reduce false alerts, detect high-level patterns of attacks, and improve understanding of the incidents that have occurred. Further research in this area is therefore encouraged to fill the existing gaps. In this paper, we present an expert system approach that reduces the number of false positive alerts in intrusion detection by means of alert processing.
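As an added illustration, not code from the paper, the following Python sketch shows the kind of rule-based alert post-processing an expert system approach implies: a small knowledge base (asset inventory, authorized-scanner list, signature-to-service mapping) is applied as suppression rules to raw IDS alerts, and the surviving alerts are correlated into a higher-level pattern (reconnaissance followed by an exploit attempt). The alert format, the sample alerts, the rule set and every address and signature name are constructed for this example.

```python
"""Rule-based (expert-system style) post-processing of IDS alerts.

Added illustration. All data below is constructed: the asset inventory, the
scanner allow-list, the signature->service mapping and the alert lines.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed asset inventory: destination host -> services it actually runs.
ASSETS = {
    "10.0.0.5": {"os": "linux", "services": {"ssh", "http"}},
    "10.0.0.8": {"os": "windows", "services": {"smb", "iis"}},
}
# Constructed: hosts permitted to scan the network (e.g. an internal vulnerability scanner).
AUTHORIZED_SCANNERS = {"10.0.0.250"}
# Constructed: which service a signature is only meaningful against.
SIG_TARGETS = {
    "IIS buffer overflow attempt": {"iis"},
    "SSH brute force": {"ssh"},
    "SMB exploit attempt": {"smb"},
}
# Constructed raw alerts in a simple "ts|src|dst|signature" format.
SAMPLE_ALERTS = [
    "100|10.0.0.250|10.0.0.5|Port scan",                    # authorized scanner
    "120|203.0.113.7|10.0.0.5|IIS buffer overflow attempt",  # Linux host, no IIS
    "130|203.0.113.7|10.0.0.8|Port scan",                    # real recon
    "200|203.0.113.7|10.0.0.8|SMB exploit attempt",          # host really runs SMB
    "900|198.51.100.9|10.0.0.5|SSH brute force",             # real, but no prior recon
]


@dataclass
class Alert:
    ts: int
    src: str
    dst: str
    sig: str
    verdict: str = "unknown"
    reasons: list = field(default_factory=list)


def parse_alert(line):
    """Parse one constructed 'ts|src|dst|signature' line into an Alert."""
    ts, src, dst, sig = line.split("|")
    return Alert(int(ts), src, dst, sig)


def rule_authorized_scanner(alert):
    """Suppress alerts whose source is an approved scanner."""
    if alert.src in AUTHORIZED_SCANNERS:
        return "false_positive", "source is an authorized scanner"
    return None


def rule_target_relevance(alert):
    """Suppress alerts whose signature targets a service the destination does not run."""
    needed = SIG_TARGETS.get(alert.sig)
    asset = ASSETS.get(alert.dst)
    if needed and asset and not (needed & asset["services"]):
        return "false_positive", f"{alert.dst} runs none of {sorted(needed)}"
    return None


RULES = [rule_authorized_scanner, rule_target_relevance]  # the knowledge base


def classify(alerts):
    """Apply suppression rules in order; an alert no rule fires on is kept as true positive."""
    for a in alerts:
        for rule in RULES:
            result = rule(a)
            if result:
                a.verdict, reason = result
                a.reasons.append(reason)
                break
        else:
            a.verdict = "true_positive"
    return alerts


def correlate(alerts, window=300):
    """Build the high-level pattern 'port scan followed within window by another alert'
    using only alerts that survived suppression."""
    by_src = defaultdict(list)
    for a in alerts:
        if a.verdict == "true_positive":
            by_src[a.src].append(a)
    patterns = []
    for src, items in by_src.items():
        items.sort(key=lambda a: a.ts)
        for i, scan in enumerate(items):
            if scan.sig != "Port scan":
                continue
            followups = [a for a in items[i + 1:]
                         if a.sig != "Port scan" and a.ts - scan.ts <= window]
            if followups:
                patterns.append({"src": src, "pattern": "recon_then_exploit",
                                 "scan_ts": scan.ts,
                                 "followups": [a.sig for a in followups]})
    return patterns


def process(lines):
    """Full pipeline: parse -> suppress -> correlate. Returns (alerts, patterns)."""
    alerts = classify([parse_alert(line) for line in lines])
    return alerts, correlate(alerts)


if __name__ == "__main__":
    alerts, patterns = process(SAMPLE_ALERTS)
    for a in alerts:
        print(f"{a.ts:>4} {a.src:>13} -> {a.dst:<9} {a.sig:<28} {a.verdict} {a.reasons}")
    print("patterns:", patterns)
```

Each suppression rule returns a verdict together with the reason it fired, so an analyst can audit why an alert was dropped; the correlation step runs only over alerts that survived suppression, which is what keeps an authorized scan or an irrelevant signature from inflating a "recon then exploit" finding.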