IDEAS home Printed from https://ideas.repec.org/a/igg/jisp00/v8y2014i1p62-78.html
   My bibliography  Save this article

An Efficient Intrusion Alerts Miner for Forensics Readiness in High Speed Networks

Author

Listed:
  • Aymen Akremi

    (CES Research Unit, National School of Engineers of Sfax, Sfax, Tunisia)

  • Hassen Sallay

    (Al Imam Mohammad Ibn Saud Islamic University. (IMSIU), Riyadh, Saudi Arabia)

  • Mohsen Rouached

    (College of Computers and Information Technology, Taif University, Taif, Saudi Arabia)

Abstract

Intrusion Detection System is considered as a core tool in the collection of forensically relevant evidentiary data in real or near real time from the network. The emergence of High Speed Network (HSN) and Service oriented architecture/Web Services (SOA/WS) putted the IDS in face of a typical big data management problem. The log files that IDS generates are very enormous making very fastidious and both compute and memory intensive the forensics readiness process. Furthermore the high level rate of wrong alerts complicates the forensics expert alert analysis and it disproves its performance, efficiency and ability to select the best relevant evidences to attribute attacks to criminals. In this context, we propose Alert Miner (AM), an intrusion alert classifier, which classifies efficiently in near real-time the intrusion alerts in HSN for Web services. AM uses an outlier detection technique based on an adaptive deduced association rules set to classify the alerts automatically and without human assistance. AM reduces false positive alerts without losing high sensitivity (up to 95%) and accuracy up to (97%). Therefore AM facilitates the alert analysis process and allows the investigators to focus their analysis on the most critical alerts on near real-time scale and to postpone less critical alerts for an off-line log analysis.

Suggested Citation

  • Aymen Akremi & Hassen Sallay & Mohsen Rouached, 2014. "An Efficient Intrusion Alerts Miner for Forensics Readiness in High Speed Networks," International Journal of Information Security and Privacy (IJISP), IGI Global, vol. 8(1), pages 62-78, January.
  • Handle: RePEc:igg:jisp00:v:8:y:2014:i:1:p:62-78
    as

    Download full text from publisher

    File URL: http://services.igi-global.com/resolvedoi/resolve.aspx?doi=10.4018/ijisp.2014010104
    Download Restriction: no
    ---><---

    More about this item

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:igg:jisp00:v:8:y:2014:i:1:p:62-78. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Journal Editor (email available below). General contact details of provider: https://www.igi-global.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.