Clustering and prediction of alerts in intrusion detection system

Abstract

Due to the evolution of information technology todays companies newlineand organizations use complicated networks which use various collection of newlinetechnologies such as cryptography authentication distributed storage newlinesystems voice over IP wireless access and web services The enterprises are newlinemore accessible to these networks For example many business organizations newlineand enterprises enable customers to interact with the sophisticated network newlinevia ecommerce transactions Thus the network specified above is more newlinevulnerable to attacks and intrusion Vulnerability in software and technology newlinejointly with the increasing complexity of attacks has given rise to massive newlinevolume of alerts in the network newlineAn act of finding actions trying to negotiate the confidentiality newlineavailability or integrity of a computer or a network is called Intrusion newlineDetection ID Due to the advancement in the field of high speed networks newlineIntrusion Detection Systems IDS products are not able to keep in pace newlineConsiderable changes are required for IDS products which are presently newlineimplemented in the gigabyte network before they can provide complete newlinesecurity against attacks Inspite of being well documented the intrusion newlinedetection products in the market can detect only the half of the attacks newlineTherefore the current theme of this thesis is to develop a network based IDS newlinethat can detect attacks in a large high speed and volume venture network newlineThe size of the alerts stored in each networks is extremely large and newlinemakes it hard for humans to analyze the alerts In order to help humans in the newlineprocess of analyzing alerts and extracting important information from the newlinestored alerts a new area of alerts analysis method has evolved in the field of newlineintrusion detection and prevention system which is called as Collaborative newlineIntrusion Detection System CIDS newlineRecent research on IDS has focused on how to handle alarms Their newlinemain objectives were: to reduce the amount of false alarms to study the cause newlineof these false positives to generate a higher level vision or situation of the newlineattacks newline newline