The problem of false alarms: Evaluation with Snort and DARPA 1999 dataset

Gina C. Tjhai, Maria Papadaki, Steven M. Furnell, Nathan L. Clarke

Research output: Chapter in Book/Report/Conference proceedingConference proceedings published in a bookpeer-review

Abstract

It is a common issue that an Intrusion Detection System (IDS) might generate thousand of alerts per day. The problem has got worse by the fact that IT infrastructure have become larger and more complicated, the number of generated alarms that need to be reviewed can escalate rapidly, making the task very difficult to manage. Moreover, a significant problem facing current IDS technology now is the high level of false alarms. The main purpose of this paper is to investigate the extent of false alarms problem in Snort, using the 1999 DARPA IDS evaluation dataset. A thorough investigation has been carried out to assess the accuracy of alerts generated by Snort IDS. Significantly, this experiment has revealed an unexpected result; with 69% of total generated alerts are considered to be false alarms.

Original languageEnglish
Title of host publicationTrust, Privacy and Security in Digital Business - 5th International Conference, TrustBus 2008, Proceedings
Pages139-150
Number of pages12
DOIs
Publication statusPublished - 2008
Event5th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2008 - Turin, Italy
Duration: 4 Sept 20085 Sept 2008

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume5185 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference5th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2008
Country/TerritoryItaly
CityTurin
Period4/09/085/09/08

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science

Keywords

  • DARPA dataset
  • False positive
  • Intrusion detection system
  • Snort
  • True positive

Fingerprint

Dive into the research topics of 'The problem of false alarms: Evaluation with Snort and DARPA 1999 dataset'. Together they form a unique fingerprint.

Cite this