Strategy to Reduce False Alarms in Intrusion Detection and Prevention Systems
Qais Qassim, Ahmed Patel, and Abdullah Mohd Zin
Faculty of Information Science and Technology, Universiti Kebangsaan Malaysia, Malaysia
Faculty of Information Science and Technology, Universiti Kebangsaan Malaysia, Malaysia
Abstract: Pervasive and sustained cyber attacks against information systems continue to pose a potentially devastating impact. Security of information systems and the networks that connect them is becoming increasingly significant nowadays than before as the number of security incidents steadily climbs. The traditional ways of protection with firewall and encryption software are no longer sufficient and effective. In this struggle to secure the data and the systems on which it is stored, Intrusion Detection and Prevention System (IDPS) can prove to be an invaluable tool. IDPS can also, be a very useful tool for recording forensic evidence that may be used in legal proceeding. The intrusion detection and prevention system have provided a high detection rate in detecting attack attempts. However, IDPS performance is hindered by the high false alarm rates it produces. This is a serious concern in information security because every false alarm can onset a severe impact to the system such as the disruption of information availability because of IDPS blockage in suspecting the information to be an attack attempt. The aim of this paper is to propose a strategy to reduce these false alarm rates to an acceptable level to maintain the total security against serious attacks by implementing a fuzzy logic-risk analysis technique for analyzing the generated alarms.
Keywords: information security, intrusion detection, intrusion prevention, anomaly detection, risk analysis.
Received January 30, 2012; accepted April 15, 2013