An Approach to Filter False Positive Alerts Based on RS-SVM Theory

Julisch K. Using root cause analysis to handle intrusion detec -tion alarms. [PhD thesis], University of Dortmund, 2003.[2]Manganaris S, Christensen M, and Zerkle D, et al.. A data mining analysis of RTID alarms[J].Computer Networks.2000, 34(4):571-577[3]Wang J and Lee I. Measuring false-positive by automated real-time correlated hacking behavior analysis. Information Security 4th International Conference, Koice, Slovakia, Heidelberg: Springer-Verlag, 2001: 512-535.[4]Alharby A and Imai H. IDS false alarm reduction using continuous and discontinuous patterns. Proceeding of Applied Cryptography and Network Security. New York, USA, Heidelberg: Springer-Verlag, 2005: 192-205.[5]Shin Moon Sun, Kim Eun Hee, and Ryu Keun Ho. False alarm classification model for network-based intrusion detection system. Proceeding of the 5th International Conference on Intelligent Data Engineering and Automated Learning, Exeter, UK, Heidelberg: Springer-Verlag, 2004: 259-265.Pietraszek T. Using adaptive alert classification to reduce positive in intrusion detection. Proceeding of the 7th Inter -national Symposium on Recent Advance in Intrusion Detection, Riviera, France, Heidelberg: Springer-Verlag, 2004: 102-124.[6]Zhang Z and Shen H. Suppressing false alarms of intrusion detection using improved text categorization method. Proceedings of the 2004 IEEE International Conference on e-Technology, e-Commerce and e-Service, Taipei, Taiwan, Estats Units: IEEE Computer Society Press，2004: 163-166.[7]Law Kwok Ho and Kwok Lam For. IDS false alarm filtering using KNN classifier. Proceeding of the 5th International Workshop on Information Security Applications, Jeju Island, Korea, Heidelberg: Springer-Verlag, 2004: 114-121.[8]Walczak B and Massart D L. Rough sets theory[J].Chemomet -rics and Intelligent Laboratory Systems.1999, 47(1):1-19[9]Vapnik V N. An overview of statistical learning theory[J].IEEE Trans. on Neural Networks.1999, 10(5):988-999