FILTERING FALSE ALARMS: AN APPROACH BASED ON EPISODE MINING
The security of computer networks is a prime concern today. Various
devices and methods have been developed to offer different kinds of
protection (firewalls, IDSs, antiviruses, etc.). By centrally
storing and processing the signals of these devices, it is possible
to detect more cheats and attacks than by analysing the logs
independently. The most difficult and still unsolved problem in
centralized systems is the vast number of false alarms. If a
harmless pattern caused by a safe operation is identified as
an alarm, then it is a nuisance and requires human intervention to be
handled properly.
In this paper we show how we can use data mining to discover the
patterns that frequently cause false alarms. Due to the new
requirements (events with many attributes, invertible parametric
predicates), none of the previously published algorithms can be
applied to our problem directly. We present the algorithm ABAMSEP,
which discovers frequent alert-ended episodes. We prove that the
algorithm is correct in the sense that it finds all episodes that
meet the requirements of the specification.
Advances in knowledge discovery and data mining Part II
19th Pacific-Asia Conference, PAKDD 2015, Ho Chi Minh City, Vietnam, May 19-22, 2015, Proceedings, Part II